Intrusion PreventionIBM.Operational.Decision.Manager.XXE
Description
This indicates an attack attempt against a XML external entity (XXE) vulnerability in IBM Operational Decision Management.
The vulnerabilities is due to an error in the application when handling a crafted XML file. A remote attacker can exploit this to gain unauthorized access to sensitive information, or to execute arbitrary code as the target software, via a crafted XML file.
Affected Products
IBM Operational Decision Management version 8.6.0.0 to version 8.6.0.2
IBM Operational Decision Management version 8.7.0.0 to version 8.7.1.2
IBM Operational Decision Management version 8.8.0.0 to version 8.8.1.2
IBM Operational Decision Management version 8.9.0.0 to version 8.9.2.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://exchange.xforce.ibmcloud.com/vulnerabilities/150170
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
References
46017| ID | 48462 |
| Created | Oct 30, 2019 |
| Updated | May 02, 2022 |
| Risk |
|
| CVE ID | CVE-2018-1821 |
| Exploit Prediction Score | 5.16% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | IBM |