IBM Netcool/OMNIbus Probe DSL Factory Framework (probe-dsl-framework-4_0) has addressed the following vulnerability caused by Apache Camel’s Core component.
CVEID: CVE-2018-8027
DESCRIPTION: Apache Camel’s Core could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the XSD validation processor. By persuading a victim to open specially-crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147686> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
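
For code outside the fixed framework release that performs its own XSD validation, the sketch below shows the XXE class described above being closed off with standard JAXP settings. It is an added example, not code from Apache Camel or IBM and not the fix shipped in 4.0; the class name, schema, sample documents and placeholder file URL are all constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class HardenedXsdValidation {
    // Constructed sample schema: a single string element named "event".
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='event' type='xs:string'/></xs:schema>";
    // Constructed sample inputs; the SYSTEM identifier is a placeholder path.
    static final String BENIGN = "<event>link down</event>";
    static final String WITH_DOCTYPE =
        "<!DOCTYPE event [<!ENTITY e SYSTEM 'file:///placeholder-not-a-real-path'>]>"
      + "<event>&e;</event>";

    /** Returns true only if xml parses without a DOCTYPE and conforms to XSD. */
    static boolean validate(String xml) throws Exception {
        SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");    // no external DTD fetches
        sf.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); // no external schema imports
        Schema schema = sf.newSchema(new StreamSource(new StringReader(XSD)));

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for DOM-based schema validation
        // Reject any document that carries a DOCTYPE, so no entity is ever declared.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        try {
            Validator v = schema.newValidator();
            v.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            v.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
            v.validate(new DOMSource(
                dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)))));
            return true;
        } catch (SAXException e) {
            return false; // DOCTYPE rejected by the parser, or schema violation
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("benign: " + validate(BENIGN));
        System.out.println("with DOCTYPE: " + validate(WITH_DOCTYPE));
    }
}
```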
Affected IBM Product | Affected Versions |
---|---|
Netcool/OMNIbus Probe DSL Factory Framework | 1.0; 2.0; 3.0 |

Product | Versions | Remediation / First Fix |
---|---|---|
Netcool/OMNIbus Probe DSL Factory Framework | 4.0 | |

CPE

Name | Operator | Version |
---|---|---|
tivoli netcool/omnibus | eq | 7.4. |
tivoli netcool/omnibus | eq | 8.1.0 |