Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5F9F98B63CFA9F3BAFF7D46D1027876C47FA88574428F66B0F6A8E0196B8F39D
HistoryJun 16, 2018 - 2:20 p.m.

Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM InfoSphere Identity Insight.

2018-06-1614:20:03
www.ibm.com
14

0.011 Low

EPSS

Percentile

84.6%

JSON

Summary

Vulnerabilities have been addressed in the Libxml2 component of IBM InfoSphere Identity Insight.

Vulnerability Details

CVEID: CVE-2017-16932 DESCRIPTION: Xmlsoft libxml2 is vulnerable to a denial of service, caused by an infinite recursion issue in parameter entities. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to exhaust available memory on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135489&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-16931 DESCRIPTION: Xmlsoft libxml2 is vulnerable to a buffer overflow, caused by improper handling of parameter-entity references in xmlParserHandlePEReference function. By using a percent character in a DTD name, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135488&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM InfoSphere Identity Insight 9.0.x

Remediation/Fixes

Principal Product and Version(s) Affected Supporting Product and Version Fix Central Download Link
IBM InfoSphere Identity Insight 9.0.x libxml2

CPENameOperatorVersion
infosphere identity insighteq9.0

Related

debian 2
veracode 4
nessus 22
openvas 16
osv 5
ibm 12
cve 2
nvd 2
prion 2
redhatcve 2
cvelist 2
ubuntu 3
cloudfoundry 2
ubuntucve 2
alpinelinux 2
debiancve 2
github 1
amazon 2
mageia 2
freebsd 1
hackerone 1
rosalinux 1
tenable 1
ics 1
oracle 1
debian
debian
[SECURITY] [DLA 1194-1] libxml2 security update
2017-11-30 14:05:13
[SECURITY] [DLA 2972-1] libxml2 security update
2022-04-08 21:17:02
veracode
veracode
Copy-paste Vulnerability Through LibXML2
2017-11-23 23:43:55
Arbitrary Code Execution
2020-05-10 23:23:44
Denial Of Service (DoS)
2022-04-13 21:57:25
nessus
nessus
Debian DLA-1194-1 : libxml2 security update
2017-12-01 00:00:00
EulerOS Virtualization 2.5.1 : libxml2 (EulerOS-SA-2018-1257)
2018-09-18 00:00:00
EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2018-1088)
2018-05-02 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1194-1)
2023-03-08 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1257)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1258)
2020-01-23 00:00:00
osv
osv
libxml2 - security update
2017-11-30 00:00:00
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
2022-05-13 01:02:39
libxml2 - security update
2022-04-08 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libxml2 affect Intelยฎ Manycore Platform Software Stack (Intelยฎ MPSS) for Linux and Windows (CVE-2017-16931, CVE-2017-16932)
2019-01-31 02:40:01
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-16932)
2023-04-14 14:32:25
Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2017-16932)
2018-06-18 01:42:30
cve
cve
CVE-2017-16931
2017-11-23 21:29:00
CVE-2017-16932
2017-11-23 21:29:00
nvd
nvd
CVE-2017-16931
2017-11-23 21:29:00
CVE-2017-16932
2017-11-23 21:29:00
prion
prion
Code injection
2017-11-23 21:29:00
Design/Logic Flaw
2017-11-23 21:29:00
redhatcve
redhatcve
CVE-2017-16931
2017-11-24 15:49:50
CVE-2017-16932
2017-11-24 15:50:03
cvelist
cvelist
CVE-2017-16931
2017-11-23 21:00:00
CVE-2017-16932
2017-11-23 21:00:00
ubuntu
ubuntu
libxml2 vulnerability
2017-12-05 00:00:00
libxml2 vulnerability
2017-12-05 00:00:00
libxml2 vulnerabilities
2018-08-14 00:00:00
cloudfoundry
cloudfoundry
USN-3504-1: libxml2 vulnerability | Cloud Foundry
2017-12-14 00:00:00
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
ubuntucve
ubuntucve
CVE-2017-16932
2017-11-23 00:00:00
CVE-2017-16931
2017-11-23 00:00:00
alpinelinux
alpinelinux
CVE-2017-16932
2017-11-23 21:29:00
CVE-2017-16931
2017-11-23 21:29:00
debiancve
debiancve
CVE-2017-16932
2017-11-23 21:29:00
CVE-2017-16931
2017-11-23 21:29:00
github
github
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
2022-05-13 01:02:39
amazon
amazon
Medium: libxml2
2019-09-30 22:47:00
Medium: libxml2
2023-04-27 16:19:00
mageia
mageia
Updated libxml2 packages fix security vulnerability
2018-01-03 18:50:51
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
2018-01-03 18:50:51
freebsd
freebsd
clamav -- multiple vulnerabilities
2018-07-09 00:00:00
hackerone
hackerone
Internet Bug Bounty: Multiple issues in Libxml2 (2.9.2 - 2.9.5)
2017-11-27 06:37:31
rosalinux
rosalinux
Advisory ROSA-SA-2021-1905
2021-07-02 17:25:35
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00

0.011 Low

EPSS

Percentile

84.6%

JSON
Related for 5F9F98B63CFA9F3BAFF7D46D1027876C47FA88574428F66B0F6A8E0196B8F39D
debian2veracode4nessus22openvas16osv5ibm12cve2nvd2prion2redhatcve2cvelist2ubuntu3cloudfoundry2ubuntucve2alpinelinux2debiancve2github1amazon2mageia2freebsd1hackerone1rosalinux1tenable1ics1oracle1