PT-2022-25507 · IBM · IBM InfoSphere Information Server
Kajetan Rostojek +1 · Published 2022-11-03 · Updated 2022-11-04 · CVE-2022-40747
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
IBM InfoSphere Information Server version 11.7
Description
The issue allows a remote attacker to expose sensitive information or consume memory resources through an XML External Entity Injection (XXE) attack when processing XML data.
Recommendations
For IBM InfoSphere Information Server version 11.7, update the software to a version that includes a fix for the XML External Entity Injection (XXE) vulnerability. As a temporary workaround, consider restricting XML data processing to prevent potential exploitation.
Affected Products
IBM InfoSphere Information Server