| Vulnerability Name: | CVE-2015-1909 (CCN-101786) | ||||||||
| Assigned: | 2015-04-09 | ||||||||
| Published: | 2015-04-09 | ||||||||
| Updated: | 2015-05-26 | ||||||||
| Summary: | The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-1909 Source: CONFIRM Type: Patch, Vendor Advisory http://www-01.ibm.com/support/docview.wss?uid=swg21700754 Source: CCN Type: IBM Security Bulletin 1700754 IBM InfoSphere MDM Reference Data Management affected by XML External Entity vulnerability(CVE-2015-1909) Source: XF Type: UNKNOWN ibm-infosphere-cve20151909-info-disc(101786) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||