Allele Security Alert
ASA-2019-00252
Identifier(s)
ASA-2019-00252, CVE-2015-1832
Title
Apache Derby XML External Entity (XXE) information disclosure
Vendor(s)
IBM
Product(s)
IBM Planning Analytics
Affected version(s)
IBM Planning Analytics versions 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5 and 2.0.6
Fixed version(s)
IBM Planning Analytics version 2.0.7
Proof of concept
Unknown
Description
Apache Derby could allow a remote attacker to obtain sensitive information because of an XML external entity (XXE) error that occurs when the XML datatype and XmlVTI process XML data. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
Technical details
Unknown
Credits
Unknown
Reference(s)
Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
https://www-01.ibm.com/support/docview.wss?uid=ibm10879407
Apache Derby XXE information disclosure
https://exchange.xforce.ibmcloud.com/vulnerabilities/115625
CVE-2015-1832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1832
CVE-2015-1832
https://nvd.nist.gov/vuln/detail/CVE-2015-1832
Last modified: May 3, 2019