Published: 02/08/2017 Updated: 04/08/2017

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Subscribe to Infosphere Information Server

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm infosphere information server 9.1
ibm infosphere information server 11.5
ibm infosphere information server 11.3
ibm infosphere_information_server 11.5

IBM Infosphere Information Server / Datastage versions 91, 113, and 115 (including Cloud version 115) suffer from bypass, XML external entity injection, DLL side loading, and various other vulnerabilities ...

CWE-611 https://exchange.xforce.ibmcloud.com/vulnerabilities/127155 http://www.ibm.com/support/docview.wss?uid=swg22005803 https://nvd.nist.gov https://packetstormsecurity.com/files/144187/IBM-Infosphere-Information-Server-Datastage-11.5-Command-Execution-Bypass.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-1383

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect