Skip to main content

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVE-2012-3340

Severity Medium
Score 4.3/10

Summary

IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References

Advisory Timeline

  • Published