PT-2018-4420 · IBM · IBM Connections

Published: 2018-03-20 · Updated: 2018-04-12 · CVE-2015-7461

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

IBM Connections versions 3.0.1.1 and earlier
IBM Connections version 4.0
IBM Connections version 4.5
IBM Connections versions 5.0 before CR4

Description

An XML external entity (XXE) vulnerability allows remote authenticated users to cause a denial of service, specifically memory consumption, by providing crafted XML data.

Recommendations

For IBM Connections versions 3.0.1.1 and earlier, update to a version later than 3.0.1.1.
For IBM Connections version 4.0, update to a version later than 4.0.
For IBM Connections version 4.5, update to a version later than 4.5.
For IBM Connections versions 5.0 before CR4, apply CR4 or update to a version later than 5.0 CR4.

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2015-7461

Affected Products

IBM Connections