CVE-2015-7400

Published: Jan 2, 2016Modified: May 6, 2026

7.7

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 3.1 / Impact: 4.0

Source: NVD

Description

The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected (1)

Products: Ibm: Mashups Center

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ibm Mashups Center	Version 3.0.0.1

Related CWEs

References (8)

http://www-01.ibm.com/support/docview.wss?uid=swg1IT12268

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21970392

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/77986

Source: psirt@us.ibm.com

http://www.securitytracker.com/id/1035319

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg1IT12268

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21970392

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/77986

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1035319

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.