Security Bulletin: There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40705)

## Summary

There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite.

## Vulnerability Details

**CVEID:** CVE-2022-40705
**DESCRIPTION:** Apache SOAP is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by a weakly configured XML parser in RPCRouterServlet. By using specially-crafted XML content in the configuration file, a remote attacker could exploit this vulnerability to read arbitrary files.
CVSS Base score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/236814> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
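
To illustrate what a "weakly configured XML parser" means in Java, the following added example (not Apache SOAP's or IBM's code, and not a workaround for Maximo Manage) contrasts a JAXP `DocumentBuilderFactory` left at its defaults with one that rejects DOCTYPE declarations. The class name and the sample XML are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXException;

public class XxeHardeningExample {
    // Constructed sample input: a DOCTYPE declaring an internal entity.
    // External (SYSTEM) entities depend on the same DOCTYPE mechanism.
    static final String WITH_DOCTYPE =
        "<?xml version=\"1.0\"?>"
        + "<!DOCTYPE cfg [<!ENTITY e \"expanded-by-parser\">]>"
        + "<cfg>&e;</cfg>";
    static final String PLAIN = "<?xml version=\"1.0\"?><cfg>plain</cfg>";

    // Weak: a factory left at its defaults accepts DOCTYPE and expands entities.
    static DocumentBuilder defaultBuilder() throws Exception {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened: refuse DOCTYPE outright and switch off external entity loading.
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Parse the input and report whether the parser accepted or rejected it.
    static String parse(DocumentBuilder b, String xml) {
        try (ByteArrayInputStream in =
                 new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))) {
            return "parsed: " + b.parse(in).getDocumentElement().getTextContent();
        } catch (SAXException | IOException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default,  DOCTYPE -> " + parse(defaultBuilder(), WITH_DOCTYPE));
        System.out.println("hardened, DOCTYPE -> " + parse(hardenedBuilder(), WITH_DOCTYPE));
        System.out.println("hardened, plain   -> " + parse(hardenedBuilder(), PLAIN));
    }
}
```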

## Affected Products and Versions

**Product versions affected:**

Affected Product(s)| Version(s)
---|---
Maximo Manage Application in IBM Maximo Application Suite| MAS 8.8-Manage 8.4

## Remediation/Fixes

**For IBM Maximo Manage application in IBM Maximo Application Suite:**

MAS| Manage Patch Fix or Release
---|---
8.8| 8.4.5 or latest (available from the Catalog under Update Available)
8.9| 8.5 or latest (available from the Catalog under Update Available)

## Workarounds and Mitigations

None
