Lucene search

IbmCVE-2015-7400

HistoryJan 02, 2016 - 9:59 p.m.

CVE-2015-7400

2016-01-0221:59:03

CWE-399

ibm

web.nvd.nist.gov

cve-2015-7400

ibm mashup center

cpu denial of service

xml external entity

xxe issue

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

68.1%

JSON

The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

Nvd

Node

ibmmashups_centerMatch3.0.0.1

VendorProductVersionCPE
ibmmashups_center3.0.0.1cpe:2.3:a:ibm:mashups_center:3.0.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	mashups_center	3.0.0.1	cpe:2.3:a:ibm:mashups_center:3.0.0.1:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IT12268

www-01.ibm.com/support/docview.wss?uid=swg21970392

www.securityfocus.com/bid/77986

www.securitytracker.com/id/1035319

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.003

Percentile

68.1%

JSON

Related for CVE-2015-7400