Vulnerability Details : CVE-2015-5038
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Vulnerability category: Denial of service
Products affected by CVE-2015-5038
- cpe:2.3:a:ibm:connections:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:connections:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:connections:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:connections:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5038
0.89%
Probability of exploitation activity in the next 30 days
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5038
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
References for CVE-2015-5038
- http://www-01.ibm.com/support/docview.wss?uid=swg21971439
  IBM Security Bulletin: IBM Connections Security Update (CVE-2015-5035, CVE-2015-5036, CVE-2015-5037, CVE-2015-5038) (Vendor Advisory)
- http://www-01.ibm.com/support/docview.wss?uid=swg1LO87020
  IBM notice: The page you requested cannot be displayed