Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2017-0663, CVE-2017-7375 |
CWE-ID | CWE-787, CWE-611 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | App Connect Enterprise Certified Container (Server applications / Other server solutions) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU38871
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-0663
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The affected component is the libxml2 library as shipped in the App Connect Enterprise Certified Container operands (see the IBM bulletin linked below). Upstream description (libxml2 as bundled in Android): a remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
Mitigation
Install the update from the vendor's website (App Connect Enterprise Certified Container 5.0.1 or later).
Vulnerable software versions
App Connect Enterprise Certified Container: before 5.0.1
External links
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operands-may-be-vulnerable-to-arbitrary-code-execution-due-to-cve-2017-0663-and-loss-of-confidentiality-due-to-cve-2017-7375/
https://www.ibm.com/support/pages/node/6836933
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet, but it is not exploitable without user interaction: the target application must be made to process an attacker-supplied, specially crafted file (the CVSS vector records UI:A).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11229
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-7375
CWE-ID:
CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Exploit availability: No
Description
The vulnerability allows a remote unauthenticated attacker to perform an XXE attack on the target system.
The weakness exists in libxml2's xmlParsePEReference function (parameter-entity reference parsing) due to insufficient validation of external entities: an external entity can be loaded even when the calling application did not request entity substitution or external DTD loading. A remote attacker who can get the application to parse a crafted XML document can perform an XXE attack and read potentially sensitive information, such as local files or content reachable from the server.
Mitigation
Install the update from the vendor's website (App Connect Enterprise Certified Container 5.0.1 or later).
Vulnerable software versions
App Connect Enterprise Certified Container: before 5.0.1
External links
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-operands-may-be-vulnerable-to-arbitrary-code-execution-due-to-cve-2017-0663-and-loss-of-confidentiality-due-to-cve-2017-7375/
https://www.ibm.com/support/pages/node/6836933
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
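The weakness class behind CVE-2017-7375 (CWE-611) in working code, as an added example that is not part of the IBM bulletin and is not libxml2 code: the same parser is run once configured to resolve external entities (the effect the libxml2 bug produced without the caller asking for it) and once with external entity loading disabled. Python's xml.sax/expat parser stands in for libxml2 so the example runs offline; the libxml2 flaw sits in the parameter-entity path, whereas this demo uses an external general entity, because the mitigation is the same in both cases: never let the parser fetch external entities. The "secret" file, its contents and the payload are constructed for the demo; `has_doctype` is a hypothetical pre-check, not an API of any parser.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, EntityResolver, feature_external_ges

# Constructed sample content standing in for a local file the attacker wants to read.
SECRET = "TOP-SECRET-TOKEN"


def make_secret_file():
    """Write the constructed 'sensitive' file to a temp path and return that path."""
    fd, path = tempfile.mkstemp(prefix="xxe-demo-")
    with os.fdopen(fd, "w") as f:
        f.write(SECRET)
    return path


def build_payload(path):
    """Classic XXE document: an external general entity whose SYSTEM id is a local file."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE doc [\n'
        f'  <!ENTITY ext SYSTEM "{path}">\n'
        ']>\n'
        '<doc>&ext;</doc>\n'
    ).encode()


class TextCollector(ContentHandler):
    """Collects character data, i.e. whatever the entity reference expands to."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


class RefuseExternalEntities(EntityResolver):
    """Defense in depth: fail loudly if an external entity ever reaches the resolver."""

    def resolveEntity(self, publicId, systemId):
        raise ValueError(f"external entity reference blocked: {systemId!r}")


def has_doctype(xml_bytes):
    """Hypothetical pre-check: reject any document carrying a DTD before it is parsed."""
    return b"<!DOCTYPE" in xml_bytes


def _run(xml_bytes, allow_external, resolver=None):
    parser = xml.sax.make_parser()
    # feature_external_ges controls whether external general entities are fetched.
    parser.setFeature(feature_external_ges, allow_external)
    if resolver is not None:
        parser.setEntityResolver(resolver)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts).strip()


def parse_vulnerable(xml_bytes):
    """Parser that resolves external entities: the file contents land in the document text."""
    return _run(xml_bytes, allow_external=True)


def parse_hardened(xml_bytes):
    """External entity loading off; the reference is skipped and yields no text."""
    return _run(xml_bytes, allow_external=False, resolver=RefuseExternalEntities())


if __name__ == "__main__":
    secret_path = make_secret_file()
    payload = build_payload(secret_path)
    print("has DTD     ->", has_doctype(payload))
    print("vulnerable  ->", repr(parse_vulnerable(payload)))
    print("hardened    ->", repr(parse_hardened(payload)))
    os.unlink(secret_path)
```

The hardened parser combines two controls: the feature flag stops expat from fetching external entities at all, and the raising resolver guarantees that if somebody later re-enables the feature the request fails closed instead of silently reading files. Services that never need a DTD usually add the third control and reject any document containing `<!DOCTYPE` before it reaches the parser.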