CVE-2018-1801

Summary

IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.

Affected Software

VendorProductVersion RangeStatus
IBMIntegration Bus9.0.0.0affected
IBMIntegration Bus10.0.0.0affected
IBMIntegration Bus9.0.0.10affected
IBMIntegration Bus10.0.0.13affected
IBMWebSphere Message Broker8.0.0.0affected
IBMWebSphere Message Broker8.0.0.9affected
IBMApp Connect11.0.0.0affected
IBMApp Connect11.0.0.1affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References