CVE-2017-1192XML External Entity (XXE) Injection in IBM Sterling B2B Integrator

CWE-611XML External Entity (XXE) Injection5 documents5 sources
Severity
8.2HIGHNVD
EPSS
0.5%
top 32.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Sterling B2B Integrator
Timeline
PublishedAug 10
Latest updateMay 14

Description

IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

CVEListV5ibm/sterling_b2b_integrator7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-pp2f-3wrg-gx2g: IBM Sterling B2B Integrator 52022-05-14
CVEList
CVE-2017-1192: IBM Sterling B2B Integrator 52017-08-10

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Kernel - 'win32kfull!SfnINLPUAHDRAWMENUITEM' Stack Memory Disclosure2017-04-13
CVE-2017-1192 — XML External Entity (XXE) Injection | cvebase