Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8D57B207EF797507DB54C94949AC945BC3BC51DC9A1FFEB48E699F21910C68F2
HistoryJun 17, 2018 - 10:33 p.m.

Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition are affected by James Clark Expat Vulnerabilities

2018-06-1722:33:38
www.ibm.com
12

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Summary

IBM Cloud Orchestrator has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2013-0340**
DESCRIPTION:** expat is vulnerable to a denial of service, caused by the improper handling of internal entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132738 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-0341**
DESCRIPTION:** expat is vulnerable to a denial of service, caused by the improper handling of external entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132741 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Affected IBM Cloud Orchestrator

|

Affected Versions

—|—
IBM Cloud Orchestrator| 2.5
IBM Cloud Orchestrator| 2.4
br>
br>

Remediation/Fixes

Fix delivery details for IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition:

Product VRMF Remediation/First Fix
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1 IFix1, V2.5.0.2, V2.5.0.3, V2.5.0.4, V2.5.0.5 For 2.5 versions, upgrade to Fix Pack 6 (2.5.0.6) of IBM Cloud Orchestrator.
<http://www-01.ibm.com/support/docview.wss?uid=swg2C4000066&gt;
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4 For 2.4 versions, IBM recommends upgrading to Fix Pack 5 (2.4.0.5) of IBM Cloud Orchestrator.
<http://www-01.ibm.com/support/docview.wss?uid=swg2C4000063&gt;
br>
br>

Workarounds and Mitigations

None

Related

nessus 14
ibm 10
cve 3
prion 3
ubuntucve 1
cbl_mariner 1
freebsd 4
veracode 1
openvas 10
slackware 1
debiancve 1
mageia 1
gentoo 1
apple 6
androidsecurity 1
ics 1
avleonov 1
nessus
nessus
IBM Netezza Analytics Open Source James Clark Expat Multiple Vulnerabilities (swg22012645)
2018-02-09 00:00:00
EulerOS Virtualization 2.9.1 : expat (EulerOS-SA-2021-2756)
2021-11-17 00:00:00
FreeBSD : texproc/expat2 -- billion laugh attack (5fa90ee6-bc9e-11eb-a287-e0d55e2a8bf9)
2021-05-25 00:00:00
ibm
ibm
Security Bulletin:Vulnerabilities in Open Source James Clark Expat affect IBM Netezza Analytics
2019-10-18 03:10:29
Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2013-0340)
2018-06-17 15:49:59
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-43680_CVE-2013-0340_CVE-2017-9233)
2022-11-17 14:52:24
cve
cve
CVE-2013-0341
2013-09-26 14:16:00
CVE-2013-0340
2014-01-21 18:55:00
CVE-2021-40439
2021-10-07 16:15:00
prion
prion
Design/Logic Flaw
2013-09-26 14:16:00
Xxe
2014-01-21 18:55:00
Code injection
2021-10-07 16:15:00
ubuntucve
ubuntucve
CVE-2013-0340
2014-01-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2013-0340 affecting package expat 2.2.6-4
2022-01-10 03:59:19
freebsd
freebsd
Python -- multiple vulnerabilities
2021-08-30 00:00:00
Python -- multiple vulnerabilities
2021-08-30 00:00:00
texproc/expat2 -- billion laugh attack
2013-02-21 00:00:00
veracode
veracode
XML External Entities (XXE)
2019-06-12 07:55:17
openvas
openvas
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2021-2756)
2021-11-17 00:00:00
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2021-2784)
2021-11-17 00:00:00
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2021-2524)
2021-09-28 00:00:00
slackware
slackware
[slackware-security] expat
2021-05-23 19:55:46
debiancve
debiancve
CVE-2013-0340
2014-01-21 18:55:00
mageia
mageia
Updated python3 packages fix security vulnerability
2021-09-23 07:49:29
gentoo
gentoo
Expat: Multiple vulnerabilities
2017-01-11 00:00:00
apple
apple
About the security content of Security Update 2021-005 Catalina
2021-09-13 00:00:00
About the security content of iOS 14.8 and iPadOS 14.8
2021-09-13 00:00:00
About the security content of watchOS 8
2021-09-20 00:00:00
androidsecurity
androidsecurity
Android 13 Security Release Notes
2022-07-25 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for 8D57B207EF797507DB54C94949AC945BC3BC51DC9A1FFEB48E699F21910C68F2
nessus14ibm10cve3prion3ubuntucve1cbl_mariner1freebsd4veracode1openvas10slackware1debiancve1mageia1gentoo1apple6androidsecurity1ics1avleonov1