Описание
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15
is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:ibm:webmethods_integration:10.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:webmethods_integration:10.15:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00081
Низкий
8.8 High
CVSS3
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 8.8
github
8 месяцев назад
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands.
EPSS
Процентиль: 24%
0.00081
Низкий
8.8 High
CVSS3
Дефекты
CWE-611