XXE attack in IBM Business Automation Manager Open Editions
IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Description: CWE-611 Improper Restriction of XML External Entity Reference
Metrics
Version: 3.1
Base score: 7.6
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Solutions
Product(s): IBM Business Automation Manager Open Editions
Version(s) number and/or range: 9.0.0 - 9.4.2
Remediation/Fix/Instructions: Update to 9.5.0 using the following instructions: IBM Business Automation Manager Open Editions 9.5 Download Document, https://www.ibm.com/support/pages/node/7277082
Note: The reference link is not yet publicly available and will be provided once the GA (General Availability) release is announced.