First published: Wed May 10 2017(Updated: )
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM SDK | <=6 | |
IBM SDK | <=6r1 | |
IBM SDK | <=7 | |
IBM SDK | <=7r1 | |
IBM SDK | <=8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-1289 is classified as High due to the potential exposure of highly sensitive information.
To fix CVE-2017-1289, update to the latest IBM SDK version that addresses the XML External Entity Injection issue.
CVE-2017-1289 affects various versions of IBM SDK, including service refreshes up to version 8.
Yes, CVE-2017-1289 can be exploited remotely by an attacker through XML data processing.
The potential impacts of CVE-2017-1289 include exposure of sensitive information and consumption of memory resources.