CVE-2018-1835: XEE
First published: Fri Nov 02 2018(Updated: )
IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Daeja ViewONE | =5.0 | |
| IBM Daeja ViewONE | =5.0 | |
| IBM Daeja ViewONE | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-1835.
What is the severity of CVE-2018-1835?
The severity of CVE-2018-1835 is high with a CVSS score of 7.1.
Which software versions are affected by CVE-2018-1835?
IBM Daeja ViewONE Professional, Standard, and Virtual 5.0 are affected by CVE-2018-1835.
What is the impact of CVE-2018-1835?
CVE-2018-1835 can be used by a remote attacker to expose sensitive information or consume memory resources.
How can I fix CVE-2018-1835?
Apply the necessary patches or updates provided by IBM to fix CVE-2018-1835.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/ibm
- canonical/ibm daeja viewone
- version/ibm daeja viewone/5.0