CVE-2013-5452

IBM FileNet Business Process Framework 4.1.0 - SSRF

Title source: llm
STIX 2.1

Description

IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/88192
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033734
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PJ40949
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21660343

Scores

EPSS 0.0104
EPSS Percentile 59.8%

Details

CWE
CWE-200
Status published
Products (1)
ibm/filenet_business_process_framework 4.1.0
Published Dec 19, 2013
Tracked Since Feb 18, 2026