CVE-2018-1846

Summary

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945.

Affected Software

VendorProductVersion RangeStatus
IBMRational Engineering Lifecycle Manager5.0affected
IBMRational Engineering Lifecycle Manager6.0affected
IBMRational Engineering Lifecycle Manager6.0.1affected
IBMRational Engineering Lifecycle Manager6.0.2affected
IBMRational Engineering Lifecycle Manager6.0.3affected
IBMRational Engineering Lifecycle Manager6.0.4affected
IBMRational Engineering Lifecycle Manager6.0.5affected
IBMRational Engineering Lifecycle Manager6.0.6affected
IBMRational Engineering Lifecycle Manager5.01affected
IBMRational Engineering Lifecycle Manager5.02affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References