Описание
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.
Ссылки
- VDB EntryVendor Advisory
- Vendor Advisory
- Vendor Advisory
- VDB EntryVendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.2 High
CVSS3
8.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.
EPSS
8.2 High
CVSS3
8.2 High
CVSS3
6.4 Medium
CVSS2