XML injection in IBM AIX - CVE-2017-1289
Published: May 24, 2017 / Updated: June 27, 2017
Vulnerability identifier: #VU6667
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-1289
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM AIX
Detailed vulnerability description
The vulnerability allows a remote attacker to perform an XXE attack.
The weakness exists due to improper handling of XML External Entity (XXE) entries when parsing XML data. A remote attacker can supply a specially crafted XML file to disclose important data or consume memory resources.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-1289
Install the update from the vendor's website.