{"containers": {"cna": {"affected": [{"product": "Integration Bus", "vendor": "IBM", "versions": [{"status": "affected", "version": "9.0.0.0"}, {"status": "affected", "version": "10.0.0.0"}, {"status": "affected", "version": "9.0.0.10"}, {"status": "affected", "version": "10.0.0.13"}]}, {"product": "WebSphere Message Broker", "vendor": "IBM", "versions": [{"status": "affected", "version": "8.0.0.0"}, {"status": "affected", "version": "8.0.0.9"}]}, {"product": "App Connect", "vendor": "IBM", "versions": [{"status": "affected", "version": "11.0.0.0"}, {"status": "affected", "version": "11.0.0.1"}]}], "datePublic": "2019-01-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-02-04T20:57:01.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-ibus-cve20181801-dos(149639)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2019-01-28T00:00:00", "ID": "CVE-2018-1801", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Integration Bus", "version": {"version_data": [{"version_value": "9.0.0.0"}, {"version_value": "10.0.0.0"}, {"version_value": "9.0.0.10"}, {"version_value": "10.0.0.13"}]}}, {"product_name": "WebSphere Message Broker", "version": {"version_data": [{"version_value": "8.0.0.0"}, {"version_value": "8.0.0.9"}]}}, {"product_name": "App Connect", "version": {"version_data": [{"version_value": "11.0.0.0"}, {"version_value": "11.0.0.1"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639."}]}, "impact": {"cvssv3": {"BM": {"A": "L", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "N", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "ibm-ibus-cve20181801-dos(149639)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"}, {"name": "http://www.ibm.com/support/docview.wss?uid=ibm10795780", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T04:14:38.303Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-ibus-cve20181801-dos(149639)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2018-1801", "datePublished": "2019-02-04T21:00:00.000Z", "dateReserved": "2017-12-13T00:00:00.000Z", "dateUpdated": "2024-09-17T04:19:23.303Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:app_connect:*:*:*:*:*:*:*:*", "matchCriteriaId": "422EF257-D52F-4F33-A601-1D57F0DD9C9F", "versionEndIncluding": "11.0.0.1", "versionStartIncluding": "11.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3971EC2-F555-4EF6-8E28-B352EFFBDEE0", "versionEndIncluding": "9.0.0.10", "versionStartIncluding": "9.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC41C1D4-3752-413D-96A1-2349C7E89E1A", "versionEndIncluding": "10.0.0.13", "versionStartIncluding": "10.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:websphere_message_broker:*:*:*:*:*:*:*:*", "matchCriteriaId": "371E38F9-286D-4D31-A654-1970EFD8BDEB", "versionEndIncluding": "8.0.0.9", "versionStartIncluding": "8.0.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639."}, {"lang": "es", "value": "IBM App Connect, desde la versi\u00f3n V11.0.0.0 hasta la V11.0.0.1; IBM Integration Bus, desde la versi\u00f3n V10.0.0.0 hasta la V10.0.0.13; IBM Integration Bus, desde la versi\u00f3n V9.0.0.0 hasta la V9.0.0.10; y WebSphere Message Broker, desde la versi\u00f3n V8.0.0.0 hasta la V8.0.0.9, es vulnerable a un ataque XXE (XML External Entity) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para consumir recursos de la memoria. IBM X-Force ID: 149639."}], "id": "CVE-2018-1801", "lastModified": "2024-11-21T04:00:23.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-04T21:29:00.427", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=ibm10795780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149639"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}