CVE-2018-1821
published 2018-12-13CVE-2018-1821: IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A…
critical9.1CVSS 3.0
AVNACLPRNUINSUCHINAH
EXPLOIT
IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | operational_decision_management | — | — |
| ibm | operational_decision_management | — | — |
| ibm | operational_decision_management | — | — |
| ibm | operational_decision_management | — | — |
| ibm | operational_decision_management | — | — |
| ibm | operational_decision_manager | >= 8.6.0.0 < 8.6.0.3 | 8.6.0.3 |
| ibm | operational_decision_manager | >= 8.7.0.0 < 8.7.1.2 | 8.7.1.2 |
| ibm | operational_decision_manager | >= 8.8.0.0 < 8.8.1.3 | 8.8.1.3 |
| ibm | operational_decision_manager | >= 8.9.0.0 < 8.9.2.1 | 8.9.2.1 |