Jun 15, 2018 - 7:03 a.m.

Security Bulletin: IBM Business Process Manager (BPM) document store is susceptible to XXE (XML External Entity) attacks. (CVE-2013-5452)

2018-06-15 07:03:26
www.ibm.com

EPSS: 0.001 (Percentile: 44.2%)

Summary

An XML eXternal Entity (XXE) vulnerability has been reported for the embedded component used by IBM BPM document store.

Vulnerability Details

CVEID: CVE-2013-5452
DESCRIPTION: The IBM FileNet Business Process Framework is vulnerable to an XML external entity attack. A remote attacker could exploit this vulnerability to obtain sensitive information, which could be used to launch further attacks against the system.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88192 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Affected Products and Versions

  • IBM Business Process Manager V8.5.5.0 and V8.5.6.0

Remediation/Fixes

Install the interim fix for APAR JR53843 as appropriate for your current IBM Business Process Manager version.

Please note that the fix for 8.5.6.0 is included in Cumulative Fix 1; see Product maintenance strategy for IBM Business Process Manager V8.5.6 and V8.5.7.

Workarounds and Mitigations

None
