CVE-2018-1801 Information
Feb 14, 2021
cve
Description
IBM App Connect V11.0.0.0 through V11.0.0.1 IBM Integration Bus V10.0.0.0 through V10.0.0.13 IBM Integration Bus V9.0.0.0 through V9.0.0.10 and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Reference
http://www.ibm.com/support/docview.wss?uid=ibm10795780 https://exchange.xforce.ibmcloud.com/vulnerabilities/149639
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
LOW
Base Severity
5.3
Share on: