CVE-2012-3340

Published: Sep 1, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291.

Affected (3)

Products: Ibm: Infosphere Guardium

1 product

Infosphere Guardium

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Infosphere Guardium	Version 8.0.1
Ibm Infosphere Guardium	Version 8.0
Ibm Infosphere Guardium	Version 8.2

Related CWEs

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21611128

Source: psirt@us.ibm.com

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/78291

Source: psirt@us.ibm.com

VDB EntryVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21611128

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/78291

Source: af854a3a-2127-422b-91ae-364da2661108

VDB EntryVendor Advisory

Timeline

No history available yet.