** DISPUTED ** Axway SecureTransport 5.x through 5.3 (or 5.x through 5.5 with certain API configuration) is vulnerable to unauthenticated blind XML injection (and XXE) in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks (i.e., SSRF with resultant remote code execution). NOTE: The vendor disputes this issue as not being a vulnerability because "All attacks that use external entities are blocked (no external DTD

CVE Modified by MITRE 12:15:11 PM
Record truncated, showing 500 of 619 characters.