CVE-2017-1149 — XML External Entity (XXE) Injection in IBM Urbancode Deploy

CWE-611 — XML External Entity (XXE) Injection4 documents4 sources

Severity

8.1HIGHNVD

EPSS

0.4%

top 41.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Urbancode Deploy

Timeline

PublishedApr 25

Latest updateMay 17

Description

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5ibm/urbancode_deploy6.1.0.2, 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.1, 6.1.0.1, 6.1.0.3, 6.0.1.7, 6.0.1.8, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.0.1.9, 6.1.1.6, 6.1.1.7, 6.1.2, 6.0.1.10, 6.0.1.11, 6.1.1.8, 6.1.3, 6.1.3.1, 6.2, 6.2.0.1, 6.0.1.12, 6.1.3.2, 6.2.0.2, 6.2.1, 6.0.1.13, 6.2.1.1, 6.0.1.14, 6.1.3.3, 6.2.1.2, 6.2.2, 6.2.2.1, 6.2.3.0, 6.2.3.1, 6.1.3.4, 6.1.3.5

▶NVDibm/urbancode_deploy38 versions+37

🔴Vulnerability Details

GHSA

GHSA-83j6-jp6r-wpqh: IBM UrbanCode Deploy (UCD) 6↗2022-05-17

▶

CVEList

CVE-2017-1149: IBM UrbanCode Deploy (UCD) 6↗2017-04-25

▶

💥Exploits & PoCs

Exploit-DB

Apple macOS - '32-bit syscall exit' Kernel Register Leak↗2017-05-22

▶