PT-2017-12752 · Ibm+3 · Ibm Sdk+4

Published: 2017-05-10 · Updated: 2018-01-05 · CVE-2017-1289

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions

IBM SDK, Java Technology Edition (affected versions not specified)
zlib (affected versions not specified)

Description

The issue concerns an XML External Entity Injection (XXE) error and a denial of service vulnerability. A remote attacker could exploit these vulnerabilities to expose sensitive information, consume memory resources, or cause a denial of service by persuading a victim to open a specially crafted document.

Recommendations

For IBM SDK, Java Technology Edition, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For zlib, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

XXE


Weakness Enumeration

Related Identifiers

CVE-2017-1289
RHSA-2017:1220
RHSA-2017:1221
RHSA-2017:1222
RHSA-2017:3453
RHSA-2017_1220
RHSA-2017_1221
RHSA-2017_1222
SUSE-SU-2017:1384-1
SUSE-SU-2017:1385-1
SUSE-SU-2017:1386-1
SUSE-SU-2017:1387-1
SUSE-SU-2017:1389-1
SUSE-SU-2017:1444-1

Affected Products

Ibm Aix
Ibm Sdk
Red Hat
Suse
Zlib