Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 does not properly detect recursion during XML entity expansion, which allows remote attackers to cause a denial of service (CPU consumption and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
IBM Connections 拒绝服务漏洞
Vulnerability Description
IBM Connections是美国IBM公司一套社交软件平台。该平台提供高级分析和实时数据监测功能,并能通过IBM SmartCloud服务加快组织内外的网络协作。 IBM Connections中存在安全漏洞,该漏洞源于XML实体扩展期间程序没有正确检测递归。远程攻击者可借助包含大量的嵌套实体引用的XML文档利用该漏洞造成拒绝服务(CPU消耗和应用程序崩溃)。以下版本受到影响:IBM Connections 3.0.1.1及之前版本,4.0版本,4.5版本,5.0版本。
CVSS Information
N/A
Vulnerability Type
N/A