Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD4D9239D39380DAAAF0663AA50B7560152F0E3980E2EE27DD40046B16E4D33B3
HistoryJun 16, 2018 - 1:38 p.m.

Security Bulletin: OpenSource libXML2 Vulnerabilities affect Identity Insight 8.1

2018-06-1613:38:33
www.ibm.com
13

EPSS

0.025

Percentile

90.1%

JSON

Summary

Identity Insight 8.1 product is affected by multiple libXML2 vulnerabilities (CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-8317).

Vulnerability Details

CVEID: CVE-2015-7941**
DESCRIPTION:** Libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the xmlParseEntityDecl or xmlParseConditionalSections function. By using a specially-crafted XML data, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause the system to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108071 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7942**
DESCRIPTION:** Libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the xmlParseConditionalSections function. By using a specially-crafted XML data, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read and cause the system to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8035**
DESCRIPTION:** libxml2 is vulnerable to a denial of service, caused by an error when xz support is enabled. By using a specially-crafted xml file, an local attacker could exploit this vulnerability to cause the software to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107845 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8241**
DESCRIPTION:** libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the XML parser in xmlNextChar. By using a malformed XML file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108169 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-8242**
DESCRIPTION:** libxml2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the HTML parser in push mode in xmlSAX2TextNode. By using a malformed XML file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108170 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-1819**
DESCRIPTION:** Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error in the xmlreader when processing XML data. A remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107272 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-5312**
DESCRIPTION:** An unspecified error in Libxml2 related to an entity expansion flaw has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108319 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-7497**
DESCRIPTION:** Libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the xmlDictComputeFastQKey() function. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108320 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7498**
DESCRIPTION:** An unspecified error in Libxml2 related to the processing of entities after encoding conversion failures have occured has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108321 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-7499**
DESCRIPTION:** An unspecified error in Libxml2 related to some parser errors has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108322 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-7500**
DESCRIPTION:** Libxml2 is vulnerable to a denial of service, caused by a memory access error when handling invalid entity boundaries. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108323 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-8317**
DESCRIPTION:** libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the xmlParseXMLDecl function. By using a malformed XML file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108316 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Identity Insight 8.1

Remediation/Fixes

Download and apply isii_8.1.0.4_ifix003 from Fix Central.

Workarounds and Mitigations

None

Related

ibm 12
nessus 40
openvas 21
debian 4
redhat 2
centos 2
oraclelinux 2
veracode 9
freebsd 1
fedora 4
archlinux 1
amazon 2
ubuntu 2
cloudfoundry 1
f5 2
mageia 2
rubygems 2
osv 36
aix 1
gentoo 1
nvd 8
cvelist 7
ubuntucve 8
cve 9
prion 8
debiancve 8
suse 1
apple 2
github 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317)
2018-06-15 23:15:11
Security Bulletin: Multiple vulnerabilities in Libxml2 affect Rational Systems Tester
2018-06-17 05:07:59
Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways
2021-06-08 22:18:27
nessus
nessus
SUSE SLED11 / SLES11 Security Update : libxml2 (SUSE-SU-2016:0030-1)
2016-01-12 00:00:00
RHEL 6 : libxml2 (RHSA-2015:2549)
2015-12-08 00:00:00
openSUSE Security Update : libxml2 (openSUSE-2016-32)
2016-01-25 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-2549)
2015-12-08 00:00:00
Debian Security Advisory DSA 3430-1 (libxml2 - security update)
2015-12-23 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-628)
2015-12-15 00:00:00
debian
debian
[SECURITY] [DSA 3430-1] libxml2 security update
2015-12-23 13:19:18
[SECURITY] [DSA 3430-1] libxml2 security update
2015-12-23 13:19:18
[SECURITY] [DLA 373-1] libxml2 security update
2015-12-26 13:08:39
redhat
redhat
(RHSA-2015:2549) Moderate: libxml2 security update
2015-12-07 00:00:00
(RHSA-2015:2550) Moderate: libxml2 security update
2015-12-07 10:04:33
centos
centos
libxml2 security update
2015-12-07 13:26:33
libxml2 security update
2015-12-07 20:38:05
oraclelinux
oraclelinux
libxml2 security update
2015-12-07 00:00:00
libxml2 security update
2015-12-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:51:46
Denial Of Service (DoS)
2019-05-02 05:51:46
Information Disclosure
2019-05-02 05:51:46
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2015-11-20 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: libxml2-2.9.3-1.fc22
2015-11-30 23:26:43
[SECURITY] Fedora 23 Update: libxml2-2.9.3-1.fc23
2015-11-26 21:01:32
[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22
2016-02-17 04:26:04
archlinux
archlinux
libxml2: multiple issues
2015-12-09 00:00:00
amazon
amazon
Medium: libxml2
2015-12-14 10:00:00
Medium: libxml2
2019-05-29 19:14:00
ubuntu
ubuntu
libxml2 vulnerabilities
2015-12-14 00:00:00
libxml2 vulnerabilities
2015-11-16 00:00:00
cloudfoundry
cloudfoundry
USN-2834-1 libxml2 vulnerability | Cloud Foundry
2016-01-07 00:00:00
f5
f5
K61570943 : Multiple libXML2 vulnerabilities
2016-02-15 00:00:00
SOL61570943 - libXML2 vulnerabilities CVE-2015-7941 and CVE-2015-7942
2016-02-15 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerabilities
2015-11-26 23:47:39
Updated libxml2 packages fix security vulnerability
2015-11-06 01:46:03
rubygems
rubygems
Nokogiri gem contains several vulnerabilities in libxml2
2015-12-14 21:00:00
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
2015-04-13 21:00:00
osv
osv
libxml2 - security update
2015-12-26 00:00:00
CVE-2016-9597
2018-07-30 14:29:02
libxml2 - security update
2015-11-29 00:00:00
aix
aix
Vulnerabilities in LibXML2 affect AIX,Vulnerabilities in LibXML2 affect VIOS
2016-02-22 08:06:13
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
nvd
nvd
CVE-2015-7942
2015-11-18 16:59:06
CVE-2015-8241
2015-12-15 21:59:06
CVE-2015-8317
2015-12-15 21:59:09
cvelist
cvelist
CVE-2015-7942
2015-11-18 16:00:00
CVE-2015-8317
2015-12-15 21:00:00
CVE-2015-7498
2015-12-15 21:00:00
ubuntucve
ubuntucve
CVE-2015-7942
2015-10-23 00:00:00
CVE-2015-8241
2015-11-18 00:00:00
CVE-2015-7498
2015-11-26 00:00:00
cve
cve
CVE-2015-7942
2015-11-18 16:59:06
CVE-2015-7498
2015-12-15 21:59:02
CVE-2015-7497
2015-12-15 21:59:01
prion
prion
Out-of-bounds
2015-11-18 16:59:00
Heap overflow
2015-12-15 21:59:00
Heap overflow
2015-12-15 21:59:00
debiancve
debiancve
CVE-2015-7942
2015-11-18 16:59:06
CVE-2015-8317
2015-12-15 21:59:09
CVE-2015-7498
2015-12-15 21:59:02
suse
suse
Security update for sles12-docker-image (important)
2016-03-16 15:28:52
apple
apple
About the security content of tvOS 9.2 - Apple Support
2017-01-23 03:54:34
About the security content of tvOS 9.2
2016-03-21 00:00:00
github
github
Heap-based buffer overflow in nokogiri
2018-09-17 21:57:38

EPSS

0.025

Percentile

90.1%

JSON
Related for D4D9239D39380DAAAF0663AA50B7560152F0E3980E2EE27DD40046B16E4D33B3
ibm12nessus40openvas21debian4redhat2centos2oraclelinux2veracode9freebsd1fedora4archlinux1amazon2ubuntu2cloudfoundry1f52mageia2rubygems2osv36aix1gentoo1nvd8cvelist7ubuntucve8cve9prion8debiancve8suse1apple2github1