PT-2018-4420 · IBM · IBM Connections
Published 2018-03-20 · Updated 2018-04-12 · CVE-2015-7461
CVSS v2.0: 4.0 (Medium)
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
IBM Connections versions 3.0.1.1 and earlier
IBM Connections version 4.0
IBM Connections version 4.5
IBM Connections versions 5.0 before CR4
Description
The issue allows remote authenticated users to cause a denial of service, specifically memory consumption, by providing crafted XML data, exploiting an XML external entity (XXE) vulnerability.
Recommendations
For IBM Connections versions 3.0.1.1 and earlier, update to a version later than 3.0.1.1.
For IBM Connections version 4.0, update to a version later than 4.0.
For IBM Connections version 4.5, update to a version later than 4.5.
For IBM Connections versions 5.0 before CR4, apply CR4 or update to a version later than 5.0 CR4.
Fix
XXE
Related identifiers
Affected products
IBM Connections