PT-2016-3757 · Ibm · Ibm Mashup Center

Published

2016-01-02

Updated

2016-12-03

CVE-2015-7400

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions IBM Mashup Center version 3.0.0.1

Description The issue allows remote authenticated users to cause a denial of service, specifically CPU consumption, by utilizing an XML external entity declaration in conjunction with an entity reference. This is related to an XML External Entity (XXE) issue.

Recommendations For IBM Mashup Center version 3.0.0.1, consider disabling the XML external entity processing to prevent exploitation until a patch is available. Restrict access to the Lotus Mashups component to minimize the risk of denial of service attacks.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2015-7400

Affected Products

Ibm Mashup Center

PT-2016-3757 · Ibm · Ibm Mashup Center

CVE-2015-7400

Weakness Enumeration

Related Identifiers

Affected Products

References · 5