Open Source James Clark Expat is consumed by IBM Netezza Analytics and is vulnerable to denial of service. IBM Netezza Analytics has addressed the applicable CVEs.
CVEID: CVE-2013-0340
DESCRIPTION: Expat is vulnerable to a denial of service, caused by the improper handling of internal entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132738> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-0341
DESCRIPTION: Expat is vulnerable to a denial of service, caused by the improper handling of external entity expansion. By persuading a victim to open a specially crafted XML document, an attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132741> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
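
For code that calls Expat directly, the following added example (not part of the IBM bulletin or the Netezza Analytics fix) shows a parser configured to stop on any internal or external entity declaration before expansion can occur. It uses Python's Expat bindings (`xml.parsers.expat`); the function names and the sample documents are constructed for this illustration.

```python
from xml.parsers import expat


class EntityForbidden(ValueError):
    """Raised when a document declares or references an entity."""


def parse_without_entities(data: bytes) -> list:
    """Parse XML with Expat, aborting on entity declarations.

    Returns the element names seen, in document order.
    """
    elements = []
    parser = expat.ParserCreate()
    # Never load external parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Called when the declaration is read, before any reference is expanded.
        # Expat passes value=None for external entities (CVE-2013-0341 case)
        # and the replacement text for internal ones (CVE-2013-0340 case).
        kind = "external" if value is None else "internal"
        raise EntityForbidden(f"{kind} entity declaration: {name}")

    def on_external_ref(context, base, system_id, public_id):
        # Second line of defence if a reference is reached some other way.
        raise EntityForbidden(f"external entity reference: {system_id}")

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here
    return elements


def classify(data: bytes) -> str:
    """Return 'ok' or the rejection reason for one document."""
    try:
        parse_without_entities(data)
        return "ok"
    except EntityForbidden as exc:
        return f"rejected: {exc}"


# Constructed sample documents (harmless, single-level declarations).
SAFE = b"<report><row/><row/></report>"
INTERNAL = b'<!DOCTYPE r [<!ENTITY a "text">]><r>&a;</r>'
EXTERNAL = b'<!DOCTYPE r [<!ENTITY x SYSTEM "placeholder.ent">]><r>&x;</r>'
```

Rejecting declarations outright suits inputs that never legitimately carry a DTD; documents that need entities require an Expat build with its own expansion limits instead.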
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM Netezza Analytics | 3.2.2 | Link to Fix Central |
None