PT-2017-12962 · Ibm · Ibm Api Connect

Published

2017-06-27

Updated

2017-07-05

CVE-2017-1322

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions IBM API Connect version 5.0.6.0

Description The issue allows a remote attacker to perform an XML External Entity Injection (XXE) attack when the software processes XML data. This could lead to the exposure of highly sensitive information or the consumption of memory resources.

Recommendations For IBM API Connect version 5.0.6.0, consider disabling XML processing or restricting access to sensitive data until a fix is available. As a temporary workaround, restrict the use of XML external entities to minimize the risk of exploitation.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2017-1322

Affected Products

Ibm Api Connect

PT-2017-12962 · Ibm · Ibm Api Connect

CVE-2017-1322

Weakness Enumeration

Related Identifiers

Affected Products

References · 5