PT-2016-1368 · IBM · IBM WebSphere Portal

Published 2016-02-29 · Updated 2017-02-19 · CVE-2016-0245

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

IBM WebSphere Portal versions 8.0.x before 8.0.0.1 CF20
IBM WebSphere Portal versions 8.5.x before 8.5.0.0 CF10

Description

The issue is an XML External Entity (XXE) vulnerability: the XML parser allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference. The cause is improper restriction of XML external entity references.

Recommendations

For IBM WebSphere Portal versions 8.0.x before 8.0.0.1 CF20, update to 8.0.0.1 CF20 or later.
For IBM WebSphere Portal versions 8.5.x before 8.5.0.0 CF10, update to 8.5.0.0 CF10 or later.

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2016-00667
CVE-2016-0245

Affected Products

IBM WebSphere Portal