← Back

CVE-2017-1219

nvd nist
Published: Jul 19, 2017Modified: May 13, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.2 / Impact: 5.2
Source: NVD

Description

IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859.

Affected (15)

Products: Ibm: Bigfix Platform
Ibm
1 product
Bigfix Platform
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Bigfix Platform
Version 9.1.3
Bigfix Platform
Version 9.1.4
Bigfix Platform
Version 9.1.5
Bigfix Platform
Version 9.1.6
Bigfix Platform
Version 9.1.7
Bigfix Platform
Version 9.1
Bigfix Platform
Version 9.2.0
Bigfix Platform
Version 9.2.1
Bigfix Platform
Version 9.2.2
Bigfix Platform
Version 9.2.3
Bigfix Platform
Version 9.2.4
Bigfix Platform
Version 9.2.5
Bigfix Platform
Version 9.2.6
Bigfix Platform
Version 9.2.7
Bigfix Platform
Version 9.2

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.