Allele Security Alert
Apache Derby XML External Entity (XXE) information disclosure
IBM Planning Analytics
IBM Planning Analytics versions 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5 and 2.0.6
IBM Planning Analytics version 2.0.7
Proof of concept
Apache Derby could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when the XML datatype and XmlVTI process XML data. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics
Apache Derby XXE information disclosure
Last modified: May 3, 2019