CVE-2017-1322XML External Entity (XXE) Injection in IBM API Connect

CWE-611XML External Entity (XXE) Injection4 documents4 sources
Severity
8.2HIGHNVD
EPSS
0.5%
top 32.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM API Connect
Timeline
PublishedJun 27
Latest updateMay 17

Description

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

CVEListV5ibm/api_connect5.0.6.0
NVDibm/api_connect11 versions+10

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-9q6x-xhvf-r63g: IBM API Connect 52022-05-17
CVEList
CVE-2017-1322: IBM API Connect 52017-06-27

💥Exploits & PoCs

1
Exploit-DB
Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing2017-09-25
CVE-2017-1322 — XML External Entity (XXE) Injection | cvebase