What is CVE-2018-1702?

CVE-2018-1702 is a vulnerability in IBM Platform Symphony and IBM Spectrum Symphony that allows for XML External Entity Injection attacks, potentially leading to exposure of sensitive information or resource consumption.

Which versions of IBM Platform Symphony and IBM Spectrum Symphony are affected?

IBM Platform Symphony versions 7.1 Fix Pack 1 and 7.1.1, as well as IBM Spectrum Symphony versions 7.1.2 and 7.2.0.2 are affected.

What is the severity level of CVE-2018-1702?

CVE-2018-1702 has a severity level of high.

How can a remote attacker exploit CVE-2018-1702?

A remote attacker can exploit CVE-2018-1702 by performing an XML External Entity Injection attack.

Are there any references for CVE-2018-1702?

Yes, you can find references for CVE-2018-1702 at the following links: [https://exchange.xforce.ibmcloud.com/vulnerabilities/146189](https://exchange.xforce.ibmcloud.com/vulnerabilities/146189) and [https://www.ibm.com/support/docview.wss?uid=ibm10719659](https://www.ibm.com/support/docview.wss?uid=ibm10719659).

Vulnerability/
CVE-2018-1702

high

7.1

CWE

611

28/9/2018

9/10/2019

CVE-2018-1702: XEE

First published: Fri Sep 28 2018(Updated: )

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 146189.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Platform Symphony	=7.1-fp1
IBM Platform Symphony	=7.1.1
IBM Spectrum Symphony	=7.1.2
IBM Spectrum Symphony	=7.2.0.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-1702?
CVE-2018-1702 is a vulnerability in IBM Platform Symphony and IBM Spectrum Symphony that allows for XML External Entity Injection attacks, potentially leading to exposure of sensitive information or resource consumption.
Which versions of IBM Platform Symphony and IBM Spectrum Symphony are affected?
IBM Platform Symphony versions 7.1 Fix Pack 1 and 7.1.1, as well as IBM Spectrum Symphony versions 7.1.2 and 7.2.0.2 are affected.
What is the severity level of CVE-2018-1702?
CVE-2018-1702 has a severity level of high.
How can a remote attacker exploit CVE-2018-1702?
A remote attacker can exploit CVE-2018-1702 by performing an XML External Entity Injection attack.
Are there any references for CVE-2018-1702?
Yes, you can find references for CVE-2018-1702 at the following links: [https://exchange.xforce.ibmcloud.com/vulnerabilities/146189](https://exchange.xforce.ibmcloud.com/vulnerabilities/146189) and [https://www.ibm.com/support/docview.wss?uid=ibm10719659](https://www.ibm.com/support/docview.wss?uid=ibm10719659).

collector/nvd-index
agent/severity
agent/references
agent/author
agent/weakness
agent/tags
agent/type
agent/event
agent/description
agent/last-modified-date
vendor/ibm
canonical/ibm platform symphony
version/ibm platform symphony/7.1-fp1
version/ibm platform symphony/7.1.1
canonical/ibm spectrum symphony
version/ibm spectrum symphony/7.1.2
version/ibm spectrum symphony/7.2.0.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.