CVE-2019-4456

IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 163620.

Published : 2019-07-30 14:15 Updated : 2019-10-09 23:50

5.5
CVSS Score More info
Score 5.5 / 10
5.5
Vendor Product Version URI
Ibm Daeja Viewone 5.0 cpe:/a:ibm:daeja_viewone:5.0::~~virtual~~~
Ibm Daeja Viewone 5.0.0 cpe:/a:ibm:daeja_viewone:5.0.0::~~professional~~~
Ibm Daeja Viewone 5.0.0 cpe:/a:ibm:daeja_viewone:5.0.0::~~standard~~~
Ibm Daeja Viewone 5.0.0 cpe:/a:ibm:daeja_viewone:5.0.0::~~virtual~~~
Ibm Daeja Viewone 5.0.1 cpe:/a:ibm:daeja_viewone:5.0.1::~~professional~~~
Ibm Daeja Viewone 5.0.1 cpe:/a:ibm:daeja_viewone:5.0.1::~~standard~~~
Ibm Daeja Viewone 5.0.1 cpe:/a:ibm:daeja_viewone:5.0.1::~~virtual~~~
Ibm Daeja Viewone 5.0.2 cpe:/a:ibm:daeja_viewone:5.0.2::~~professional~~~
Ibm Daeja Viewone 5.0.2 cpe:/a:ibm:daeja_viewone:5.0.2::~~standard~~~
Ibm Daeja Viewone 5.0.2 cpe:/a:ibm:daeja_viewone:5.0.2::~~virtual~~~
Ibm Daeja Viewone 5.0.3 cpe:/a:ibm:daeja_viewone:5.0.3::~~professional~~~
Ibm Daeja Viewone 5.0.3 cpe:/a:ibm:daeja_viewone:5.0.3::~~standard~~~
Ibm Daeja Viewone 5.0.3 cpe:/a:ibm:daeja_viewone:5.0.3::~~virtual~~~
Ibm Daeja Viewone 5.0.4 cpe:/a:ibm:daeja_viewone:5.0.4::~~professional~~~
Ibm Daeja Viewone 5.0.4 cpe:/a:ibm:daeja_viewone:5.0.4::~~standard~~~
Ibm Daeja Viewone 5.0.4 cpe:/a:ibm:daeja_viewone:5.0.4::~~virtual~~~
Ibm Daeja Viewone 5.0.5 cpe:/a:ibm:daeja_viewone:5.0.5::~~professional~~~
Ibm Daeja Viewone 5.0.5 cpe:/a:ibm:daeja_viewone:5.0.5::~~standard~~~
Ibm Daeja Viewone 5.0.5 cpe:/a:ibm:daeja_viewone:5.0.5::~~virtual~~~
  1. Ibm (1) Search CVE
    1. Daeja Viewone (7) Search CVE
      1. 5.0
      2. 5.0.0
      3. 5.0.1
      4. 5.0.2
      5. 5.0.3
      6. 5.0.4
      7. 5.0.5

CWE

ID Name Description Links
CWE-611 Improper Restriction of XML External Entity Reference ('XXE') The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. CVE

History of changes

Date Event
2019-07-31 18:32
2019-07-30 15:02

New CVE