Описание
IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883.
Ссылки
- VDB EntryVendor Advisory
- PatchVendor Advisory
- VDB EntryVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.8.2 (исключая)
Одновременно
cpe:2.3:a:ibm:security_verify_privilege_manager:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
5.7 Medium
CVSS3
4.4 Medium
CVSS3
3.6 Low
CVSS2
Дефекты
CWE-611
Связанные уязвимости
github
больше 3 лет назад
IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 184883.
EPSS
Процентиль: 12%
0.00041
Низкий
5.7 Medium
CVSS3
4.4 Medium
CVSS3
3.6 Low
CVSS2
Дефекты
CWE-611