IBM Security Bulletin: DataPower vulnerable to XML External Entity Injection attack (CVE-2018-1421)

DataPower is vulnerable to an XML External Entity Injection attack from a low-privileged DataPower account. IBM has addressed the applicable CVE.

CVE(s): CVE-2018-1421

Affected product(s) and affected version(s):

DataPower versions 7.1.0.0-7.1.0.21, 7.2.0.0-7.2.0.18, 7.5.0.0-7.5.0.13, 7.5.1.0-7.5.1.12, 7.5.2.0-7.5.2.12, 7.6.0.0-7.6.0.5

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22015055
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/139023



from IBM Product Security Incident Response Team https://ift.tt/2q349pQ