IBM Marketing Platform Multiple XML External Entity Injection Vulnerabilities
BID:106201
CVE-2018-1424 | CVE-2018-1920 |Info
IBM Marketing Platform Multiple XML External Entity Injection Vulnerabilities
| Bugtraq ID: | 106201 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1424 CVE-2018-1920 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 05 2018 12:00AM |
| Updated: | Dec 05 2018 12:00AM |
| Credit: | Pawel Gocyla |
| Vulnerable: |
IBM Marketing Platform 9.1.2 IBM Marketing Platform 9.1.0.0 IBM Marketing Platform 10.1 |
| Not Vulnerable: |
IBM Marketing Platform 9.1.2.6-IBM_MP-IF01 IBM Marketing Platform 9.1.0.13 IBM Marketing Platform 10.1.0.1 |
Discussion
IBM Marketing Platform Multiple XML External Entity Injection Vulnerabilities
IBM Marketing Platform is prone to multiple XML External Entity injection vulnerabilities.
Attackers can exploit these issues to gain access to sensitive information or cause denial-of-service condition.
IBM Marketing Platform is prone to multiple XML External Entity injection vulnerabilities.
Attackers can exploit these issues to gain access to sensitive information or cause denial-of-service condition.
Exploit / POC
IBM Marketing Platform Multiple XML External Entity Injection Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
IBM Marketing Platform Multiple XML External Entity Injection Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
IBM Marketing Platform Multiple XML External Entity Injection Vulnerabilities
References:
References: