CVE-2019-4062

Summary

IBM i2 Intelligent Analyis Platform 9.0.0 through 9.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 157007.

Affected Software

VendorProductVersion RangeStatus
IBMi2 Analyst’s Notebook9.0.0affected
IBMi2 Analyst’s Notebook9.0.1affected
IBMi2 Analyst’s Notebook9.0.2affected
IBMi2 Analyst’s Notebook9.0.3affected
IBMi2 Analyst’s Notebook9.0.4affected
IBMi2 Analyst’s Notebook9.0.5affected
IBMi2 Analyst’s Notebook9.0.6affected
IBMi2 Analyst’s Notebook9.0.7affected
IBMi2 Analyst’s Notebook9.1.0affected
IBMi2 Analyst’s Notebook9.1.1affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References