Summary
IBM Endpoint Manager is prone to an XML External Entity (XXE) injection vulnerability.
Impact
This vulnerability could allow an attacker to access files on an affected server or cause an affected server to make an arbitrary HTTP GET request.
Solution
Update to the latest version.
Insight
IBM Endpoint Manager could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to access files and obtain sensitive information on the server.
Affected
All 9.1 releases of the Console, Root Server, Web Reports and Server API earlier than 9.1.1088.0
All 9.0 releases of the Console, Root Server, Web Reports and Server API earlier than 9.0.853.0
All 8.2 releases of Web Reports and Server API earlier than 8.2.1445.0
Detection
Check the version.
Severity
Classification
CVE: CVE-2014-0224
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P