HIGH🇵🇱 Wersja polska

CVE-2017-1758

CVSS 7.1v3.0pub. 2018-02-21upd. 2024-11-21

IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
  • IBM Control Center

    APP
    Ibm
    6.0.0.06.0.0.16.1.0.06.1.0.16.1.1.0
  • IBM Financial Transaction Manager

    APP
    Ibm
    3.0.2.03.0.2.13.0.3.03.0.4.03.1.0.0
  • IBM Transformation Extender Advanced

    APP
    Ibm
    9.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XXE
CWE
References

Related vulnerabilities

CVE-2023-49886CRITICAL9.8PL ✓ten sam produkt

RCE przez niebezpieczną deserializację Java w IBM Standards Processing Engine

CVE-2019-4575CRITICAL9.8ten sam produkt

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to...

CVE-2020-5003CRITICAL9.1ten sam produkt

IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when pr...

CVE-2019-4032CRITICAL9.8ten sam produkt

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection...

CVE-2023-49880HIGH7.5ten sam produkt

In the Message Entry and Repair (MER) facility of IBM Financial Transaction Manager for SWIFT Services 3.2.4 t...