4.3

CVE-2013-5372

EPSS 1.73%
Published 19.10.2013 10:36:07
Last modified 11.04.2025 00:51:21
Source psirt@us.ibm.com
Teams watchlist Login
Open Login

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities.

Affected products Warnungen 0 Metrics 2 CWE 0 References 15

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Websphere Message Broker Version6.1

Ibm ≫ Websphere Message Broker Version6.1.0.1

Ibm ≫ Websphere Message Broker Version6.1.0.2

Ibm ≫ Websphere Message Broker Version6.1.0.3

Ibm ≫ Websphere Message Broker Version6.1.0.4

Ibm ≫ Websphere Message Broker Version6.1.0.5

Ibm ≫ Websphere Message Broker Version6.1.0.6

Ibm ≫ Websphere Message Broker Version6.1.0.7

Ibm ≫ Websphere Message Broker Version6.1.0.8

Ibm ≫ Websphere Message Broker Version6.1.0.9

Ibm ≫ Websphere Message Broker Version6.1.0.10

Ibm ≫ Websphere Message Broker Version6.1.0.11

Ibm ≫ Websphere Message Broker Version8.0

Ibm ≫ Websphere Message Broker Version8.0.0.1

Ibm ≫ Websphere Message Broker Version8.0.0.2

Ibm ≫ Websphere Message Broker Version8.0.0.3

Ibm ≫ Websphere Message Broker Version7.0.

Ibm ≫ Websphere Message Broker Version7.0.0.1

Ibm ≫ Websphere Message Broker Version7.0.0.2

Ibm ≫ Websphere Message Broker Version7.0.0.3

Ibm ≫ Websphere Message Broker Version7.0.0.4

Ibm ≫ Websphere Message Broker Version7.0.0.5

Ibm ≫ Websphere Message Broker Version7.0.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.73%	0.817

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html

http://rhn.redhat.com/errata/RHSA-2013-1507.html

http://rhn.redhat.com/errata/RHSA-2013-1508.html

http://rhn.redhat.com/errata/RHSA-2013-1509.html

http://rhn.redhat.com/errata/RHSA-2013-1793.html

http://secunia.com/advisories/56338

http://www-01.ibm.com/support/docview.wss?uid=swg21655201

http://www-01.ibm.com/support/docview.wss?uid=swg1IC96473

http://www-01.ibm.com/support/docview.wss?uid=swg21653087

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21655202

https://exchange.xforce.ibmcloud.com/vulnerabilities/86662

https://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2013

https://nvd.nist.gov/vuln/detail/CVE-2013-5372

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-5372

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-5372

EUVD