IBM Business Process Manager 7.5/8.0/8.5 XML Data xml external entity reference


A vulnerability has been found in IBM Business Process Manager 7.5/8.0/8.5 (Business Process Management Software) and classified as critical. Affected by this vulnerability is unknown code in the component XML Data Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 11/20/2019 07:55 AM | 01/14/2021 02:48 PM | 01/14/2021 02:53 PM |
| --- | --- | --- | --- |
| type | Business Process Management Software | Business Process Management Software | Business Process Management Software |
| vendor | IBM | IBM | IBM |
| name | Business Process Manager | Business Process Manager | Business Process Manager |
| version | 7.5/8.0/8.5 | 7.5/8.0/8.5 | 7.5/8.0/8.5 |
| component | XML Data Handler | XML Data Handler | XML Data Handler |
| cwe | 611 (XML External Entity) | 611 (XML External Entity) | 611 (XML External Entity) |
| risk | 2 | 2 | 2 |
| historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 5.5 | 5.5 | 5.5 |
| cvss2_vuldb_tempscore | 5.5 | 5.5 | 5.5 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | S | S | S |
| cvss2_nvd_ci | P | P | P |
| cvss2_nvd_ii | N | N | N |
| cvss2_nvd_ai | C | C | C |
| cvss3_meta_basescore | 6.7 | 6.7 | 6.7 |
| cvss3_meta_tempscore | 6.7 | 6.7 | 6.7 |
| cvss3_vuldb_basescore | 5.4 | 5.4 | 5.4 |
| cvss3_vuldb_tempscore | 5.4 | 5.4 | 5.4 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | H | H | H |
| cvss3_nvd_i | N | N | N |
| cvss3_nvd_a | H | H | H |
| date | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) |
| url | http://www.ibm.com/support/docview.wss?uid=swg22007346 | http://www.ibm.com/support/docview.wss?uid=swg22007346 | http://www.ibm.com/support/docview.wss?uid=swg22007346 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| price_trend | + | + | + |
| cve | CVE-2017-1527 | CVE-2017-1527 | CVE-2017-1527 |
| cve_assigned | 1480464000 | 1480464000 | 1480464000 |
| cve_nvd_published | 1506384000 | 1506384000 | 1506384000 |
| cve_nvd_summary | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. | IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156. |
| securityfocus | 100959 | 100959 | 100959 |
| securityfocus_title | IBM Business Process Manager CVE-2017-1527 XML External Entity Injection Vulnerability | IBM Business Process Manager CVE-2017-1527 XML External Entity Injection Vulnerability | IBM Business Process Manager CVE-2017-1527 XML External Entity Injection Vulnerability |
| qualys_id | 370606 | 370606 | 370606 |
| qualys_title | IBM Business Process Manager XML External Entity (XXE) injection vulnerability (swg22007346) | IBM Business Process Manager XML External Entity (XXE) injection vulnerability (swg22007346) | IBM Business Process Manager XML External Entity (XXE) injection vulnerability (swg22007346) |
| seealso | 107170 107169 107168 | 107170 107169 107168 | 107170 107169 107168 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| 0day_days | 1 | 1 | 1 |
| cvss3_nvd_basescore | 8.1 | 8.1 | 8.1 |
| discoverydate | 1506297600 | 1506297600 | 1506297600 |
| confirm_url | http://www.ibm.com/support/docview.wss?uid=swg22007346 | http://www.ibm.com/support/docview.wss?uid=swg22007346 | http://www.ibm.com/support/docview.wss?uid=swg22007346 |
| securityfocus_date | 1506038400 (09/22/2017) | 1506038400 (09/22/2017) | 1506038400 (09/22/2017) |
| securityfocus_class | Input Validation Error | Input Validation Error | Input Validation Error |
| xforce | | 130156 | 130156 |
| cvss2_nvd_basescore | | 7.5 | 7.5 |
| person_name | | | Sergio Ortega Fernández |
