CVE-2017-1758

CWE-611 — XML External Entity (XXE)8 documents5 sources

Severity

7.1HIGH

EPSS

0.5%

top 36.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Control Center IBM Financial Transaction Manager IBM Transformation Extender Advanced

Timeline

PublishedFeb 21

Latest updateMay 14

Description

IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages6 packages

▶CVEListV5ibm/financial_transaction_manager9 versions+8

▶NVDibm/financial_transaction_manager5 versions+4

▶CVEListV5ibm/transformation_extender_advanced9.0

▶NVDibm/transformation_extender_advanced9.0

▶CVEListV5ibm/control_center6.0, 6.1, 6.1.1+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-2qpc-h4mf-gvrr: IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6↗2022-05-14

▶

OSV

exiv2 vulnerabilities↗2019-01-10

▶

CVEList

CVE-2017-1758: IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6↗2018-02-21

▶

💬Community

Bugzilla

CVE-2017-7530 cfme: Execution of arbitrary methods through filter param↗2017-06-27

▶

Bugzilla

CFME: Dialog for creating cloud volumes does not filter cloud tenants CVE-2017-7497↗2017-05-11

▶

Bugzilla

CVE-2017-2664 CloudForms: lack of RBAC on various methods in web UI↗2017-03-23

▶

Bugzilla

CVE-2017-5595 zoneminder: File disclosure due to unfiltered user-input↗2017-02-06

▶