CVE-2017-1149

Summary

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM X-Force ID: 122202.

Affected Software

VendorProductVersion RangeStatus
IBMUrbanCode Deploy6.1.0.2, 6.0, 6.0.1, 6.0.1.1, 6.0.1.2, 6.0.1.3, 6.0.1.4, 6.0.1.5, 6.0.1.6, 6.1, 6.1.0.1, 6.1.0.3, 6.0.1.7, 6.0.1.8, 6.1.0.4, 6.1.1, 6.1.1.1, 6.1.1.2, 6.1.1.3, 6.1.1.4, 6.1.1.5, 6.0.1.9, 6.1.1.6, 6.1.1.7, 6.1.2, 6.0.1.10, 6.0.1.11, 6.1.1.8, 6.1.3, 6.1.3.1, 6.2, 6.2.0.1, 6.0.1.12, 6.1.3.2, 6.2.0.2, 6.2.1, 6.0.1.13, 6.2.1.1, 6.0.1.14, 6.1.3.3, 6.2.1.2, 6.2.2, 6.2.2.1, 6.2.3.0, 6.2.3.1, 6.1.3.4, 6.1.3.5affected

Weaknesses

  • Gain Access

ADP Enrichment

CVE Program Container

Additional References

References