What is the severity of CVE-2017-1527?

CVE-2017-1527 has a high severity rating due to the potential for sensitive data exposure and memory resource consumption.

How do I fix CVE-2017-1527?

To mitigate CVE-2017-1527, upgrade affected IBM Business Process Manager versions to the latest patched release.

What versions are affected by CVE-2017-1527?

CVE-2017-1527 affects IBM Business Process Manager versions 7.5, 8.0, and 8.5.

What type of attack is CVE-2017-1527 associated with?

CVE-2017-1527 is associated with an XML External Entity Injection (XXE) attack.

Can CVE-2017-1527 be exploited remotely?

Yes, CVE-2017-1527 can be exploited remotely by an attacker to compromise sensitive information.

Vulnerability/
CVE-2017-1527

high

8.1

CWE

611

26/9/2017

17/9/2024

CVE-2017-1527: XEE

First published: Tue Sep 26 2017(Updated: )

IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 130156.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Business Process Manager	=7.5.0.0
IBM Business Process Manager	=7.5.0.0
IBM Business Process Manager	=7.5.0.0
IBM Business Process Manager	=7.5.0.0
IBM Business Process Manager	=7.5.0.1
IBM Business Process Manager	=7.5.0.1
IBM Business Process Manager	=7.5.0.1
IBM Business Process Manager	=7.5.0.1
IBM Business Process Manager	=7.5.1.0
IBM Business Process Manager	=7.5.1.0
IBM Business Process Manager	=7.5.1.0
IBM Business Process Manager	=7.5.1.0
IBM Business Process Manager	=7.5.1.1
IBM Business Process Manager	=7.5.1.1
IBM Business Process Manager	=7.5.1.1
IBM Business Process Manager	=7.5.1.1
IBM Business Process Manager	=7.5.1.2
IBM Business Process Manager	=7.5.1.2
IBM Business Process Manager	=7.5.1.2
IBM Business Process Manager	=7.5.1.2
IBM Business Process Manager	=8.0.0.0
IBM Business Process Manager	=8.0.0.0
IBM Business Process Manager	=8.0.0.0
IBM Business Process Manager	=8.0.0.0
IBM Business Process Manager	=8.0.1.0
IBM Business Process Manager	=8.0.1.0
IBM Business Process Manager	=8.0.1.0
IBM Business Process Manager	=8.0.1.0
IBM Business Process Manager	=8.0.1.1
IBM Business Process Manager	=8.0.1.1
IBM Business Process Manager	=8.0.1.1
IBM Business Process Manager	=8.0.1.1
IBM Business Process Manager	=8.0.1.2
IBM Business Process Manager	=8.0.1.2
IBM Business Process Manager	=8.0.1.2
IBM Business Process Manager	=8.0.1.2
IBM Business Process Manager	=8.0.1.3
IBM Business Process Manager	=8.0.1.3
IBM Business Process Manager	=8.0.1.3
IBM Business Process Manager	=8.0.1.3
IBM Business Process Manager	=8.5.0.0
IBM Business Process Manager	=8.5.0.0
IBM Business Process Manager	=8.5.0.0
IBM Business Process Manager	=8.5.0.0
IBM Business Process Manager	=8.5.0.1
IBM Business Process Manager	=8.5.0.1
IBM Business Process Manager	=8.5.0.1
IBM Business Process Manager	=8.5.0.1
IBM Business Process Manager	=8.5.0.2
IBM Business Process Manager	=8.5.0.2
IBM Business Process Manager	=8.5.0.2
IBM Business Process Manager	=8.5.0.2
IBM Business Process Manager	=8.5.5.0
IBM Business Process Manager	=8.5.5.0
IBM Business Process Manager	=8.5.5.0
IBM Business Process Manager	=8.5.5.0
IBM Business Process Manager	=8.5.6.0
IBM Business Process Manager	=8.5.6.0
IBM Business Process Manager	=8.5.6.0
IBM Business Process Manager	=8.5.6.0
IBM Business Process Manager	=8.5.6.1
IBM Business Process Manager	=8.5.6.1
IBM Business Process Manager	=8.5.6.1
IBM Business Process Manager	=8.5.6.1
IBM Business Process Manager	=8.5.6.2
IBM Business Process Manager	=8.5.6.2
IBM Business Process Manager	=8.5.6.2
IBM Business Process Manager	=8.5.6.2
IBM Business Process Manager	=8.5.7.0
IBM Business Process Manager	=8.5.7.0
IBM Business Process Manager	=8.5.7.0
IBM Business Process Manager	=8.5.7.0

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22007346

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1527?
CVE-2017-1527 has a high severity rating due to the potential for sensitive data exposure and memory resource consumption.
How do I fix CVE-2017-1527?
To mitigate CVE-2017-1527, upgrade affected IBM Business Process Manager versions to the latest patched release.
What versions are affected by CVE-2017-1527?
CVE-2017-1527 affects IBM Business Process Manager versions 7.5, 8.0, and 8.5.
What type of attack is CVE-2017-1527 associated with?
CVE-2017-1527 is associated with an XML External Entity Injection (XXE) attack.
Can CVE-2017-1527 be exploited remotely?
Yes, CVE-2017-1527 can be exploited remotely by an attacker to compromise sensitive information.

collector/nvd-index
agent/type
agent/weakness
agent/severity
agent/references
agent/author
agent/remedy
agent/description
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/ibm
canonical/ibm business process manager
version/ibm business process manager/7.5.0.0
version/ibm business process manager/7.5.0.1
version/ibm business process manager/7.5.1.0
version/ibm business process manager/7.5.1.1
version/ibm business process manager/7.5.1.2
version/ibm business process manager/8.0.0.0
version/ibm business process manager/8.0.1.0
version/ibm business process manager/8.0.1.1
version/ibm business process manager/8.0.1.2
version/ibm business process manager/8.0.1.3
version/ibm business process manager/8.5.0.0
version/ibm business process manager/8.5.0.1
version/ibm business process manager/8.5.0.2
version/ibm business process manager/8.5.5.0
version/ibm business process manager/8.5.6.0
version/ibm business process manager/8.5.6.1
version/ibm business process manager/8.5.6.2
version/ibm business process manager/8.5.7.0