CVE-2017-1458

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
8.1HIGH
EPSS
0.7%
top 28.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Qradar Network Security
Timeline
PublishedSep 5
Latest updateMay 14

Description

IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-hr5m-p87f-r39q: IBM QRadar Network Security 52022-05-14
CVEList
CVE-2017-1458: IBM QRadar Network Security 52017-09-05
CVE-2017-1458 (HIGH CVSS 8.1) | IBM QRadar Network Security 5.4 is | cvebase.io