Vulnerability Description
IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | App Connect | >= 11.0.0.0, <= 11.0.0.1 |
| Ibm | Integration Bus | >= 9.0.0.0, <= 9.0.0.10 |
| Ibm | Websphere Message Broker | >= 8.0.0.0, <= 8.0.0.9 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=ibm10795780PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/149639VDB EntryVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=ibm10795780PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/149639VDB EntryVendor Advisory
FAQ
What is CVE-2018-1801?
CVE-2018-1801 is a vulnerability with a CVSS score of 5.3 (MEDIUM). IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is...
How severe is CVE-2018-1801?
CVE-2018-1801 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1801?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm App Connect, Ibm Integration Bus, Ibm Websphere Message Broker.