5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.1%
IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to a local authenticated attacker due to Eclipse IDE. This bulletin identifies the steps to take to address the vulnerability.
CVEID:CVE-2023-4218
**DESCRIPTION:**Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations. By persuading a victim to open specially crafted XML content, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/271083 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM App Connect Enterprise Toolkit | 12.0.1.0 - 12.0.11.0 |
IBM App Connect Enterprise Toolkit | 11.0.0.1 - 11.0.0.24 |
IBM Integration Bus for z/OS Toolkit | 10.1 - 10.1.0.2 |
IBM strongly recommends addressing the vulnerability/vulnerabilities now by applying the appropriate fix to IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit
Affected Product(s)
|
Version(s)
|
APAR
|
Remediation / Fixes
—|—|—|—
IBM App Connect Enterprise Toolkit
|
12.0.1.0 - 12.0.11.0
|
IT45231
|
The APAR (IT45231) is available from
IBM App Connect Enterprise v12 - Security Fix Pack Release 12.0.11.1
IBM App Connect Enterprise Toolkit
|
11.0.0.1 - 11.0.0.24
|
IT45231
|
Interim Fix for APAR (IT45231) is available to apply to 11.0.0.24 from
IBM Integration Bus for z/OS Toolkit
|
10.1 - 10.1.0.2
|
IT45231
|
Interim Fix for APAR (IT45231) is available to apply to 10.1.0.2 from
None
5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
6 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.1%