PT-2018-14858 · IBM · IBM Marketing Platform
Published: 2018-12-07 · Updated: 2019-10-09
CVE-2018-1920
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions
IBM Marketing Platform versions 9.1.0 through 9.1.2
IBM Marketing Platform version 10.1
Description
The issue allows a remote attacker to expose sensitive information or consume memory resources through an XML External Entity Injection (XXE) attack when processing XML data.
Recommendations
For IBM Marketing Platform versions 9.1.0 through 9.1.2, update to a version that includes a fix for the XML External Entity Injection issue.
For IBM Marketing Platform version 10.1, update to a version that includes a fix for the XML External Entity Injection issue.
As a temporary workaround, consider restricting the processing of XML data to minimize the risk of exploitation.
Fix
XXE
Affected Products
IBM Marketing Platform