CVE-2018-1905

Summary

IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534.

Affected Software

VendorProductVersion RangeStatus
IBMWebSphere Application Server9.0.0.0affected
IBMWebSphere Application Server9.0.0.1affected
IBMWebSphere Application Server9.0.0.2affected
IBMWebSphere Application Server9.0.0.3affected
IBMWebSphere Application Server9.0.0.4affected
IBMWebSphere Application Server9.0.0.5affected
IBMWebSphere Application Server9.0.0.6affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References