PT-2017-13956 · Ibm · Ibm Business Process Manager

Sergio Ortega Fernández

Published

2017-09-26

Updated

2017-09-29

CVE-2017-1527

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions IBM Business Process Manager versions 7.5 through 8.5

Description The issue allows for a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory resources.

Recommendations For versions 7.5 through 8.5, update the XML processing module to prevent XXE attacks, ensuring that external entities are properly validated and restricted to prevent information exposure or memory consumption.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2017-1527

Affected Products

Ibm Business Process Manager

PT-2017-13956 · Ibm · Ibm Business Process Manager

CVE-2017-1527

Weakness Enumeration

Related Identifiers

Affected Products

References · 5