CVE-2013-5452

EUVD-2013-5292
IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
ibmfilenet_business_process_framework
4.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1PJ40949
http://www-01.ibm.com/support/docview.wss?uid=swg21660343
http://www-304.ibm.com/support/docview.wss?uid=swg21963014
http://www.securitytracker.com/id/1033734
https://exchange.xforce.ibmcloud.com/vulnerabilities/88192
http://www-01.ibm.com/support/docview.wss?uid=swg1PJ40949
http://www-01.ibm.com/support/docview.wss?uid=swg21660343
http://www-304.ibm.com/support/docview.wss?uid=swg21963014
http://www.securitytracker.com/id/1033734
https://exchange.xforce.ibmcloud.com/vulnerabilities/88192