Systems Affected
• IBM WebSphere Lombardi Edition Version 7.2
Threat Level
Overview
An information disclosure vulnerability has been reported in IBM WebSphere that could allow a remote attacker to gain sensitive information by submitting specially crafted XML data.
Description
Insufficient input validation exists in callService.do when it processes URL parameters in an XML entity as service inputs.
A remote attacker could exploit this issue by triggering an XML External Entity (XXE) error (a service failure error) while XML data is being processed, and so obtain sensitive information on the target system.
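The general remedy for this class of flaw, as an added example that is not IBM's code and not part of the original advisory: a Java (JAXP) parser for untrusted service-input XML that refuses DOCTYPE declarations and answers with a generic error instead of parser detail. The class name, method names and sample inputs are hypothetical and constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

// Hypothetical class, not IBM code: fail-closed parsing of untrusted service-input XML.
public class ServiceInputParser {

    private static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Reject any DOCTYPE, so no entity (internal or external) can be declared.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case a DOCTYPE is ever permitted again.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Returns the parsed document, or throws an exception with a fixed message.
    public static Document parseServiceInput(String xml) {
        try {
            return hardenedFactory().newDocumentBuilder()
                    .parse(new InputSource(new StringReader(xml)));
        } catch (Exception e) {
            // Log e on the server only. The caller sees a fixed message, so a
            // service failure error cannot carry parser or file-system detail.
            throw new IllegalArgumentException("Invalid service input");
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String ok = "<input><name>demo</name></input>";
        String withDoctype = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE input [<!ENTITY x SYSTEM \"file:///constructed/placeholder\">]>"
                + "<input><name>&x;</name></input>";
        System.out.println(parseServiceInput(ok).getDocumentElement().getNodeName());
        try {
            parseServiceInput(withDoctype);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```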
Impact
Solution/ Workarounds
• Update to the latest version of Mozilla Firefox on Windows, Linux and Mac.
References
http://www.cert-in.org.in/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.