Platform Symphony
CVE-2018-1702
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionNVD
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189.
AnalysisAI
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189. Affected products include: Ibm Platform Symphony, Ibm Spectrum Symphony.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Disable external entity processing in XML parsers, use JSON instead of XML where possible.
More in Platform Symphony
View allAn unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credent
IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary com
IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to obtain sensitive user information such as p
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 contain an information disclo
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker
Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (proce
IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key a
Share
External POC / Exploit Code
Leaving vuln.today