High severity8.2NVD Advisory· Published May 22, 2017· Updated Jun 17, 2026
CVE-2017-1289
CVE-2017-1289
Description
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31cpe:2.3:a:ibm:sdk:*:service_refresh_10_fp1:*:*:java_technology_edition:*:*:*+ 4 more
- cpe:2.3:a:ibm:sdk:*:service_refresh_10_fp1:*:*:java_technology_edition:*:*:*range: <=7
- cpe:2.3:a:ibm:sdk:*:service_refresh_16_fp41:*:*:java_technology_edition:*:*:*range: <=6
- cpe:2.3:a:ibm:sdk:*:service_refresh_4_fp1:*:*:java_technology_edition:*:*:*range: <=7r1
- cpe:2.3:a:ibm:sdk:*:service_refresh_4_fp2:*:*:java_technology_edition:*:*:*range: <=8
- cpe:2.3:a:ibm:sdk:*:service_refresh_8_fp41:*:*:java_technology_edition:*:*:*range: <=6r1
- osv-coords24 versionspkg:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012pkg:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/java-1_6_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/java-1_7_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/java-1_7_1-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
< 1.6.0_sr16.45-49.1+ 23 more
- (no CPE)range: < 1.6.0_sr16.45-49.1
- (no CPE)range: < 1.6.0_sr16.45-84.1
- (no CPE)range: < 1.6.0_sr16.45-84.1
- (no CPE)range: < 1.6.0_sr16.45-84.1
- (no CPE)range: < 1.7.0_sr10.5-64.1
- (no CPE)range: < 1.7.0_sr10.5-64.1
- (no CPE)range: < 1.7.0_sr10.5-64.1
- (no CPE)range: < 1.7.1_sr4.5-25.1
- (no CPE)range: < 1.7.1_sr4.5-37.1
- (no CPE)range: < 1.7.1_sr4.5-37.1
- (no CPE)range: < 1.7.1_sr4.5-37.1
- (no CPE)range: < 1.7.1_sr4.5-25.1
- (no CPE)range: < 1.7.1_sr4.5-37.1
- (no CPE)range: < 1.7.1_sr4.5-37.1
- (no CPE)range: < 1.7.1_sr4.5-37.1
- (no CPE)range: < 1.7.1_sr4.5-25.1
- (no CPE)range: < 1.7.1_sr4.5-37.1
- (no CPE)range: < 1.7.1_sr4.5-37.1
- (no CPE)range: < 1.8.0_sr4.5-29.1
- (no CPE)range: < 1.8.0_sr4.5-29.1
- (no CPE)range: < 1.8.0_sr4.5-29.1
- (no CPE)range: < 1.8.0_sr4.5-29.1
- (no CPE)range: < 1.8.0_sr4.5-29.1
- (no CPE)range: < 1.8.0_sr4.5-29.1
- IBM Corporation/Runtimes for Java Technologyv5Range: 6.0, 6.1, 7.0, 7.1, 8.0
Patches
Vulnerability mechanics
References
6- www.ibm.com/support/docview.wssnvdPatchVendor Advisory
- www.securityfocus.com/bid/98401nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:1220nvd
- access.redhat.com/errata/RHSA-2017:1221nvd
- access.redhat.com/errata/RHSA-2017:1222nvd
- access.redhat.com/errata/RHSA-2017:3453nvd
News mentions
0No linked articles in our index yet.