Security Bulletin: IBM Netcool/OMNIbus Probe DSL Factory Framework is affected by Apache Camel's Core vulnerability

Summary

IBM Netcool/OMNIbus Probe DSL Factory Framework (probe-dsl-framework-4_0) has addressed the following vulnerability caused by Apache Camel’s Core component.

Vulnerability Details

CVEID:CVE-2018-8027
DESCRIPTION: Apache Camel’s Core could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the XSD validation processor. By persuading a victim to open specially-crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147686&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected IBM Product

|

Affected Versions

—|—

Netcool/OMNIbus Probe DSL Factory Framework

|

1.0; 2.0; 3.0

Remediation/Fixes

Product

|

Versions

|

Remediation / First Fix

—|—|—

Netcool/OMNIbus Probe DSL Factory Framework

|

4.0

|

Netcool/OMNIbus Integrations Release Notice - Netcool/OMNIbus Probe DSL Factory Framework (probe-dsl-framework-4_0)