REDHAT-BUG-1449603

First published: Wed May 10 2017(Updated: )

IBM JDK versions 6.0.16.45, 7.0.10.5, 7.1.4.5, and 8.0.4.5 correct a security issue described by upstream as: CVEID: <a href="https://access.redhat.com/security/cve/CVE-2017-1289">CVE-2017-1289</a> DESCRIPTION: IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. CVSS Base Score: 8.2 CVSS Temporal Score: See <a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/125150">https://exchange.xforce.ibmcloud.com/vulnerabilities/125150</a> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L) References: <a href="https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_May_2017">https://developer.ibm.com/javasdk/support/security-vulnerabilities/#IBM_Security_Update_May_2017</a> <a href="http://www-01.ibm.com/support/docview.wss?uid=swg22002169">http://www-01.ibm.com/support/docview.wss?uid=swg22002169</a> <a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/125150">https://exchange.xforce.ibmcloud.com/vulnerabilities/125150</a>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/first-publish-date
• agent/last-modified-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2017-1289
• agent/severity
• agent/references
• agent/description
• agent/event
• agent/source
• agent/tags
• agent/softwarecombine
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/ibm
• canonical/ibm jdk 8