CVE-2018-1801
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
IBM App Connect, desde la versión V11.0.0.0 hasta la V11.0.0.1; IBM Integration Bus, desde la versión V10.0.0.0 hasta la V10.0.0.13; IBM Integration Bus, desde la versión V9.0.0.0 hasta la V9.0.0.10; y WebSphere Message Broker, desde la versión V8.0.0.0 hasta la V8.0.0.9, es vulnerable a un ataque XXE (XML External Entity) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para consumir recursos de la memoria. IBM X-Force ID: 149639.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-12-13 CVE Reserved
- 2019-02-04 CVE Published
- 2024-06-20 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.ibm.com/support/docview.wss?uid=ibm10795780 | 2019-10-09 |
URL | Date | SRC |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/149639 | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Ibm Search vendor "Ibm" | App Connect Search vendor "Ibm" for product "App Connect" | >= 11.0.0.0 <= 11.0.0.1 Search vendor "Ibm" for product "App Connect" and version " >= 11.0.0.0 <= 11.0.0.1" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Integration Bus Search vendor "Ibm" for product "Integration Bus" | >= 9.0.0.0 <= 9.0.0.10 Search vendor "Ibm" for product "Integration Bus" and version " >= 9.0.0.0 <= 9.0.0.10" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Integration Bus Search vendor "Ibm" for product "Integration Bus" | >= 10.0.0.0 <= 10.0.0.13 Search vendor "Ibm" for product "Integration Bus" and version " >= 10.0.0.0 <= 10.0.0.13" | - |
Affected
| ||||||
Ibm Search vendor "Ibm" | Websphere Message Broker Search vendor "Ibm" for product "Websphere Message Broker" | >= 8.0.0.0 <= 8.0.0.9 Search vendor "Ibm" for product "Websphere Message Broker" and version " >= 8.0.0.0 <= 8.0.0.9" | - |
Affected
|