CVE-2017-1383

CRITICAL

IBM InfoSphere Information Server <11.5 - XXE

Title source: llm
STIX 2.1

Description

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg22005803
VDB Entry, Vendor Advisory x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/127155

Scores

CVSS v3 9.1
EPSS 0.0272
EPSS Percentile 84.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-611
Status published
Products (6)
IBM/InfoSphere Information Server 11.3
IBM/InfoSphere Information Server 11.5
IBM/InfoSphere Information Server 9.1
ibm/infosphere_information_server 9.1
ibm/infosphere_information_server 11.3
ibm/infosphere_information_server 11.5
Published Aug 02, 2017
Tracked Since Feb 18, 2026