IBM B2B Advanced Communications has addressed a vulnerability (originally found in IBM Financial Transaction Manager) of an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE(s): CVE-2017-1758
Affected product(s) and affected version(s):
IBM Multi-Enterprise Integration Gateway 1.0 – 1.0.0.1
IBM B2B Advanced Communications 1.0.0.2 – 1.0.0.6
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22014656
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/135859
The post IBM Security Bulletin: IBM B2B Advanced Communications is Affected by an XML External Entity Injection (XXE) Attack when Processing XML Data appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2IWVG0n
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.