History: Apr 27, 2022 - 9:58 a.m.

Security Bulletin: IBM InfoSphere MDM Reference Data Management affected by XML External Entity vulnerability (CVE-2015-1909)

2022-04-27 09:58:00
www.ibm.com

EPSS: 0.002 (Low), Percentile: 58.8%

Summary

IBM MDM InfoSphere Reference Data Management is vulnerable to an XML External Entity attack caused by a weakly configured XML parser.

Vulnerability Details

CVEID: CVE-2015-1909
DESCRIPTION: IBM InfoSphere Master Data Management Server could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing an XML request. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information which could result in gaining WebSphere Commerce administrator access.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101786> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Affected Products and Versions

IBM InfoSphere MDM Reference Data Management Versions 11.4, 11.3, 11.0, 10.1.

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.

| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM InfoSphere MDM Reference Data Management | 11.4 | None | 11.4-FP2 |
| IBM InfoSphere MDM Reference Data Management | 11.3 | None | 11.3-FP3 |
| IBM InfoSphere MDM Reference Data Management | 11.0 | None | 11.0-FP3 |
| IBM InfoSphere MDM Reference Data Management | 10.1 | None | 10.1-IF1 |

Workarounds and Mitigations

None known

Affected configurations

Vulners node:
ibm infosphere_master_data_management, match 10.1
OR
ibm infosphere_master_data_management, match 11.0
OR
ibm infosphere_master_data_management, match 11.3
OR
ibm infosphere_master_data_management, match 11.4
