CVE-2018-1702

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

7.1HIGH

EPSS

0.4%

top 42.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Platform Symphony IBM Spectrum Symphony

Timeline

PublishedSep 28

Latest updateMay 13

Description

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages4 packages

▶CVEListV5ibm/platform_symphony7.1, 7.1.1+1

▶CVEListV5ibm/spectrum_symphony7.1.2, 7.2.0.2+1

▶NVDibm/platform_symphony7.1, 7.1.1+1

▶NVDibm/spectrum_symphony7.1.2, 7.2.0.2+1

🔴Vulnerability Details

GHSA

GHSA-2p96-whq9-48cc: IBM Platform Symphony 7↗2022-05-13

▶

CVEList

CVE-2018-1702: IBM Platform Symphony 7↗2018-09-28

▶