CVE-2018-1801

CWE-611 — XML External Entity (XXE)CWE-7497 documents4 sources

Severity

5.3MEDIUM

EPSS

0.3%

top 48.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM APP Connect IBM Integration BUS IBM Websphere Message Broker

Timeline

PublishedFeb 4

Latest updateOct 24

Description

IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶NVDibm/websphere_message_broker8.0.0.0 — 8.0.0.9

▶CVEListV5ibm/websphere_message_broker8.0.0.0, 8.0.0.9+1

▶NVDibm/integration_bus9.0.0.0 — 9.0.0.10+1

▶CVEListV5ibm/integration_bus4 versions+3

▶NVDibm/app_connect11.0.0.0 — 11.0.0.1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-6978-8w7h-mg7h: IBM App Connect V11↗2022-05-13

▶

CVEList

CVE-2018-1801: IBM App Connect V11↗2019-02-04

▶

📋Vendor Advisories

CISA

GIGABYTE Multiple Products Code Execution Vulnerability↗2022-10-24

▶

CISA

GIGABYTE Multiple Products Unspecified Vulnerability↗2022-10-24

▶

CISA

GIGABYTE Multiple Products Privilege Escalation Vulnerability↗2022-10-24

▶

CISA

GIGABYTE Multiple Products Privilege Escalation Vulnerability↗2022-10-24

▶