CVE-2018-1421XML External Entity (XXE) Injection in IBM Datapower Gateway

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.3%
top 46.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Datapower GatewayIBM Datapower Gateways
Timeline
PublishedApr 4
Latest updateMay 13

Description

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

NVDibm/datapower_gateway7.1.0.07.1.0.21+5
CVEListV5ibm/datapower_gateways6 versions+5

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-jxg7-vv7x-x8fj: IBM WebSphere DataPower Appliances 72022-05-13
CVEList
CVE-2018-1421: IBM WebSphere DataPower Appliances 72018-04-04
CVE-2018-1421 — XML External Entity (XXE) Injection | cvebase