IBM Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Process Manager (CVE-2017-1527)

IBM Business Process Manager (BPM) can process XML messages, including messages from untrusted sources. Because its XML parser is not sufficiently restricted, XML External Entity (XXE) injection allows an authenticated remote attacker to send specially crafted XML messages and thereby cause a denial of service by exhausting system resources, or exfiltrate sensitive information.
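The fix class the bulletin points at is a parser that refuses DTD processing for inbound messages, since both outcomes it names (entity-expansion resource exhaustion and external-entity exfiltration) depend on a DOCTYPE. The following is an added example, not IBM's or BPM's code: BPM is a Java product, and this Python model of the same hardening uses expat callbacks to reject any DOCTYPE or entity declaration and to refuse external entity resolution; the three messages and the `file:///placeholder/secret` URI are constructed samples.

```python
import xml.parsers.expat


class UnsafeXmlError(ValueError):
    """Raised when an inbound message uses XML features XXE attacks rely on."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML from an untrusted source with DTD processing disabled.

    Both outcomes named in the bulletin (resource exhaustion through entity
    expansion, exfiltration through external entities) need a DOCTYPE, so any
    document carrying one is rejected before a single entity is expanded.
    """
    parser = xml.parsers.expat.ParserCreate()
    # Never fetch external parameter entities (external DTD subsets).
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE '{name}' is not permitted in inbound messages")

    def reject_entity(name, *_ignored):
        raise UnsafeXmlError(f"entity declaration '{name}' is not permitted")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    # Defence in depth: returning 0 makes expat abort instead of resolving.
    parser.ExternalEntityRefHandler = lambda ctx, base, sysid, pubid: 0

    elements, text = [], []
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.CharacterDataHandler = text.append
    parser.Parse(data, True)
    return {"elements": elements, "text": "".join(text).strip()}


def classify(data: bytes) -> str:
    """Return 'accepted' or 'rejected' for a message, as a gateway filter would."""
    try:
        parse_untrusted_xml(data)
        return "accepted"
    except (UnsafeXmlError, xml.parsers.expat.ExpatError):
        return "rejected"


# Constructed sample messages (not from the bulletin); the SYSTEM URI is a placeholder.
BENIGN = b'<?xml version="1.0"?><order><id>42</id></order>'
EXTERNAL_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE order [<!ENTITY ext SYSTEM '
                   b'"file:///placeholder/secret">]><order><id>&ext;</id></order>')
ENTITY_EXPANSION = (b'<?xml version="1.0"?><!DOCTYPE order [<!ENTITY a "aaaaaaaaaa">'
                    b'<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]><order><id>&b;</id></order>')

if __name__ == "__main__":
    for label, msg in [("benign", BENIGN), ("external entity", EXTERNAL_ENTITY),
                       ("entity expansion", ENTITY_EXPANSION)]:
        print(f"{label}: {classify(msg)}")
```

The same policy in a Java stack is expressed by disallowing the `http://apache.org/xml/features/disallow-doctype-decl` feature on the DocumentBuilderFactory; rejecting at the DOCTYPE, rather than only blocking external entities, is what also stops the expansion-based denial of service.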

CVE(s): CVE-2017-1527

Affected product(s) and affected version(s):

– IBM Business Process Manager V7.5.0.0 through V7.5.1.2

– IBM Business Process Manager V8.0.0.0 through V8.0.1.3

– IBM Business Process Manager V8.5.0.0 through V8.5.0.2

– IBM Business Process Manager V8.5.5.0

– IBM Business Process Manager V8.5.6.0 through V8.5.6.0 CF2

– IBM Business Process Manager V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2wNT6Ck
X-Force Database: http://ift.tt/2xvyItf

This bulletin appeared first on the IBM PSIRT Blog, published by the IBM Product Security Incident Response Team: http://ift.tt/2wNRJDW