CVE-2017-1289

Severity
8.2 HIGH
EPSS
0.9%
top 24.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 22
Latest update: May 14

Description

IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Exploitability: 3.9 | Impact: 4.2

Affected Packages

2 packages

CVEListV5: ibm_corporation/runtimes_for_java_technology 6.0, 6.1, 7.0, 7.1, 8.0
NVD: ibm/sdk 6+4

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-xf3v-qxxv-424v: IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data (2022-05-14)
CVEList
CVE-2017-1289: IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data (2017-05-22)

💥 Exploits & PoCs

1
Exploit-DB
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response (2017-09-25)

📋 Vendor Advisories

1
Red Hat
JDK: XML External Entity Injection (XXE) error when processing XML data (2017-05-09)

💬 Community

1
Bugzilla
CVE-2017-1289 IBM JDK: XML External Entity Injection (XXE) error when processing XML data (2017-05-10)