CVE-2018-1424

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
7.1HIGH
EPSS
0.5%
top 35.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Marketing Platform
Timeline
PublishedDec 7
Latest updateMay 13

Description

IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139029.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5ibm/marketing_platform10.1, 9.1.0, 9.1.2+2
NVDibm/marketing_platform10.1, 9.1.0, 9.1.2+2

🔴Vulnerability Details

2
GHSA
GHSA-43m3-2gf4-gx9r: IBM Marketing Platform 92022-05-13
CVEList
CVE-2018-1424: IBM Marketing Platform 92018-12-07
CVE-2018-1424 (HIGH CVSS 7.1) | IBM Marketing Platform 9.1.0 | cvebase.io