CVE-2017-1289CVE-2017-1289

Affected configuration(s):

cpe:/a:ibm:sdk:6:service_refresh_16_fp41:~~java_technology_edition~~~
cpe:/a:ibm:sdk:6r1:service_refresh_8_fp41:~~java_technology_edition~~~
cpe:/a:ibm:sdk:7:service_refresh_10_fp1:~~java_technology_edition~~~
cpe:/a:ibm:sdk:7r1:service_refresh_4_fp1:~~java_technology_edition~~~
cpe:/a:ibm:sdk:8:service_refresh_4_fp2:~~java_technology_edition~~~

Date published: 2017-05-22T16:29:00.313-04:00

Date last modified: 2017-12-14T21:29:03.970-05:00

CVSS Score: 6.4

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://www.securityfocus.com/bid/98401

Summary: IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.