IBM.Operational.Decision.Manager.XXE
Description
This indicates an attack attempt against a XML external entity (XXE) vulnerability in IBM Operational Decision Management.
The vulnerabilities is due to an error in the application when handling a crafted XML file. A remote attacker can exploit this to gain unauthorized access to sensitive information, or to execute arbitrary code as the target software, via a crafted XML file.
Affected Products
IBM Operational Decision Management version 8.6.0.0 to version 8.6.0.2
IBM Operational Decision Management version 8.7.0.0 to version 8.7.1.2
IBM Operational Decision Management version 8.8.0.0 to version 8.8.1.2
IBM Operational Decision Management version 8.9.0.0 to version 8.9.2.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://exchange.xforce.ibmcloud.com/vulnerabilities/150170
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |