11.5

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

ibm

CWE-611

NVD

Published: 2018-03-12

Updated: 2018-04-09

Summary

XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Infosphere Information Server 11.3 IBM Infosphere Information Server 11.3.1 IBM Infosphere Information Server 11.5	3

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

http://www-01.ibm.com/support/docview.wss?uid=swg21977152
https://exchange.xforce.ibmcloud.com/vulnerabilities/110510