CVE-2013-5452: Infoleak
First published: Thu Dec 19 2013(Updated: )
IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM FileNet Business Process Framework | =4.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-5452?
CVE-2013-5452 is classified as a critical vulnerability due to its potential to allow unauthorized access to sensitive files.
How do I fix CVE-2013-5452?
To mitigate CVE-2013-5452, apply the latest security patches provided by IBM for the FileNet Business Process Framework 4.1.0.
What types of attacks are possible with CVE-2013-5452?
CVE-2013-5452 can be exploited to read arbitrary files or to perform external entity attacks on intranet systems.
Who is affected by CVE-2013-5452?
CVE-2013-5452 affects users of IBM FileNet Business Process Framework version 4.1.0.
What should I monitor for after addressing CVE-2013-5452?
After addressing CVE-2013-5452, monitor for any unauthorized access attempts or unexpected file access requests.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/ibm
- canonical/ibm filenet business process framework
- version/ibm filenet business process framework/4.1.0