Xxe

2019-02-0421:29:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.6%

JSON

IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.

CPENameOperatorVersion
app_connectge11.0.0.0
app_connectle11.0.0.1
integration_busge9.0.0.0
integration_busle9.0.0.10
integration_busge10.0.0.0
integration_busle10.0.0.13
websphere_message_brokerge8.0.0.0
websphere_message_brokerle8.0.0.9

Name	Operator	Version
app_connect	ge	11.0.0.0
app_connect	le	11.0.0.1
integration_bus	ge	9.0.0.0
integration_bus	le	9.0.0.10
integration_bus	ge	10.0.0.0
integration_bus	le	10.0.0.13
websphere_message_broker	ge	8.0.0.0
websphere_message_broker	le	8.0.0.9