CVE-2018-1364

Low
CVSS Score
Published: Jan 29, 2018
Last Modified: Nov 21, 2024

Vulnerability Description

IBM Content Navigator 2.0 and 3.0 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.

Known Affected Software

3 configuration(s) from 1 vendor(s)

content_navigator
Version: 3.0.3
CPE: cpe:2.3:a:ibm:content_navigator:3.0.3:*:*:*:*:*:*:*

content_navigator
Version: 3.0.2
CPE: cpe:2.3:a:ibm:content_navigator:3.0.2:*:*:*:*:*:*:*

content_navigator
Version: 2.0.3
CPE: cpe:2.3:a:ibm:content_navigator:2.0.3:*:*:*:*:*:*:*

This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-611

Improper Restriction of XML External Entity Reference

Description
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Typical Severity: Medium
Abstraction Level: Base

Key Information

Published Date: January 29, 2018