XXE attack in IBM InfoSphere Information Server for Cloud

#VU8422 XXE attack in IBM InfoSphere Information Server for Cloud

Cybersecurity Help s.r.o.

Published: 2017-09-13

Vulnerability identifier: #VU8422

Vulnerability risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-1383

CWE-ID: CWE-611

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM InfoSphere Information Server for Cloud
Server applications / Other server solutions

Vendor: IBM Corporation

Description
The vulnerability allows a remote attacker to conduct XXE attack.

The weakness exists in the encryption library due to improper handling of XML External Entity (XXE) entries when parsing an XML file. A remote attacker can send manipulated XML data and gain access to arbitrary data or consume memory resources.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation
Workarounds are available on vendor's website.

Vulnerable software versions

IBM InfoSphere Information Server for Cloud: 9.1 - 11.5

External links
http://www-01.ibm.com/support/docview.wss?uid=swg22005803

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM InfoSphere Information Server