XXE attack in IBM WebSphere Application Server

1) XXE attack

EUVDB-ID: #VU16175

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-1905

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to conduct XXE-attack.

The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the victim into open an XML file that submits malicious input and obtain potentially sensitive information or consume excessive resources to cause the server to crash.

Mitigation

Update to version 9.0.0.10.

Vulnerable software versions

IBM WebSphere Application Server: 9.0 - 9.0.0.9

CPE2.3

• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0.0.2:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0.0.3:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0.0.4:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0.0.5:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0.0.6:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0.0.7:*:*:*:*:*:*:*
• cpe:2.3:a:ibm_corporation:ibm_websphere_application_server:9.0.0.8:*:*:*:*:*:*:*

External links

https://www-01.ibm.com/support/docview.wss?uid=ibm10738721

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.