CVE-2017-1289

Impact:
Moderate
Public Date:
2017-05-09
CWE:
CWE-611
Bugzilla:
1449603: CVE-2017-1289 IBM JDK: XML External Entity Injection (XXE) error when processing XML data

The MITRE CVE dictionary describes this issue as:

IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.

Find out more about CVE-2017-1289 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 8.2
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact None
Availability Impact Low

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.7.1-ibm) RHSA-2017:1221 2017-05-10
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.8.0-ibm) RHSA-2017:1220 2017-05-10
Red Hat Enterprise Linux Supplementary (v. 6) (java-1.6.0-ibm) RHSA-2017:1222 2017-05-10
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.8.0-ibm) RHSA-2017:1220 2017-05-10
Red Hat Enterprise Linux Supplementary (v. 7) (java-1.7.1-ibm) RHSA-2017:1221 2017-05-10
Red Hat Satellite 5.8 (RHEL v.6) (java-1.8.0-ibm) RHSA-2017:3453 2017-12-13
Last Modified

CVE description copyright © 2017, The MITRE Corporation