CVE-2015-5038 Information
Feb 14, 2021
cve
Description
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
http://www-01.ibm.com/support/docview.wss?uid=swg1LO87020
http://www-01.ibm.com/support/docview.wss?uid=swg21971439
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
7.5
Base Severity
HIGH