CVE-2017-1289
HIGHIBM SDK for Java Technology < 6 - XML External Entity Injection
Title source: manualDescription
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
References (6)
Core 6
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1221
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1220
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=swg22002169
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1222
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98401
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:3453
Scores
CVSS v3
8.2
EPSS
0.0092
EPSS Percentile
76.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Details
CWE
CWE-611
Status
published
Products (6)
ibm/sdk
< 6
ibm/sdk
< 6r1
ibm/sdk
< 7
ibm/sdk
< 7r1
ibm/sdk
< 8
IBM Corporation/Runtimes for Java Technology
6.0, 6.1, 7.0, 7.1, 8.0
Published
May 22, 2017
Tracked Since
Feb 18, 2026