CVE-2015-7400 - The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause

CVE-2015-7400

Summary

The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. <a href="https://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

References

Vulnerable Configurations

cpe:2.3:a:ibm:mashups_center:3.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:mashups_center:3.0.0.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 03-12-2016 - 03:12)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:C

refmap via4

aixapar	IT12268
bid	77986
confirm	http://www-01.ibm.com/support/docview.wss?uid=swg21970392
sectrack	1035319

Last major update

03-12-2016 - 03:12

Published

02-01-2016 - 21:59

Last modified

03-12-2016 - 03:12