XML External Entity Injection Vulnerability in IBM Marketing Platform
CVE-2018-1920

7.1HIGH

Key Information:

Vendor

IBM
Status
Marketing Platform
Vendor
CVE Published:
7 December 2018

What is CVE-2018-1920?

The IBM Marketing Platform versions 9.1.0, 9.1.2, and 10.1 are susceptible to XML External Entity Injection (XXE) attacks when handling XML data. A remote attacker could exploit this issue to access confidential information or deplete memory resources, posing a significant risk to affected systems. Proper validation and sanitization of XML input are crucial to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Marketing Platform 9.1.2

Marketing Platform 9.1.0

Marketing Platform 10.1

References

http://www.securityfocus.com/bid/106201
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/152855
vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=ibm10744217
x_refsource_CONFIRM

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.