Описание
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775.
Ссылки
- VDB Entry
- PatchVendor Advisory
- VDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:jazz_for_service_management:1.1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_netcool\/omnibus_gui:1.1.3.10:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00664
Низкий
7.1 High
CVSS3
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
github
больше 3 лет назад
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775.
EPSS
Процентиль: 71%
0.00664
Низкий
7.1 High
CVSS3
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-611