Security Bulletin: IBM Content Navigator is affected by an XML External Entity Injection (XXE) vulnerability

Summary

IBM Content Navigator has addressed the following vulnerability.

Vulnerability Details

CVEID:CVE-2018-1364**
DESCRIPTION: *IBM Content Navigator is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 8.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137449 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

Affected IBM Content Navigator

|

Affected Versions

—|—
IBM Content Navigator| 2.0.3
IBM Content Navigator| 3.0.2
IBM Content Navigator| 3.0.3

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Content Navigator| 2.0.3| Contact customer support center for the fix and instructions.
IBM Content Navigator| 3.0.2| Contact customer support center for the fix and instructions.
IBM Content Navigator| 3.0.3| Contact customer support center for the fix and instructions.

Workarounds and Mitigations

None