2 matches found
Security Bulletin: IBM Workload Scheduler is vulnerable to XML External Entity Injection (XXE) attack
Summary IBM Workload Scheduler is vulnerable to XML External Entity Injection XXE exploitation while handling uploaded XML configuration files. Vulnerability Details CVEID:CVE-2022-38389 DESCRIPTION: IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injectio...
CVE-2022-38389
CVE-2022-38389 affects IBM Tivoli Workload Scheduler versions 9.4, 9.5, and 10.1, where XML data processing is vulnerable to XML External Entity (XXE) injection. The root cause is XXE handling during XML processing, exposing potential disclosure of sensitive information and memory resource consum...