Nov 17, 2021 - 4:26 p.m.

Security Bulletin: Vulnerability in Xerces-C (CVE-2018-1311)

www.ibm.com

EPSS: 0.014 (Percentile: 86.6%)

Summary

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. The XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311).

Vulnerability Details

**CVEID:** CVE-2018-1311
**DESCRIPTION:** Apache Xerces-C could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error during the scanning of external DTDs. By sending a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173437 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
HMC V9.1.910.0 | V9.1.910.0

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>

Product | VRMF | APAR | Remediation/Fix
---|---|---|---
Power HMC | V9.1.940.2 ppc | MB04231 | MH01843
Power HMC | V9.1.940.2 x86 | MB04230 | MH01842

Workarounds and Mitigations

None