Vulnerabilities > CVE-2018-1821 - XXE vulnerability in IBM Operational Decision Manager

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
ibm
CWE-611
critical
exploit available

Summary

IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170.

Exploit-Db

fileexploits/multiple/webapps/46017.txt
idEDB-ID:46017
last seen2018-12-20
modified2018-12-19
platformmultiple
port9443
published2018-12-19
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/46017
titleIBM Operational Decision Manager 8.x - XML External Entity Injection
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/150849/ibmodm8x-xml.txt
idPACKETSTORM:150849
last seen2018-12-25
published2018-12-19
reporterMohamed M.Fouad
sourcehttps://packetstormsecurity.com/files/150849/IBM-Operational-Decision-Manager-8.x-XML-Injection.html
titleIBM Operational Decision Manager 8.x XML Injection