2 matches found
Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Process Manager (CVE-2017-1527)
Summary IBM Business Process Manager BPM can process XML messages, including messages from untrusted sources. Because of insufficient restriction of an XML parser, XML External Entity injection allows an authenticated remote attacker to send specially crafted XML messages and thus cause a denial ...
CVE-2017-1527
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156...