CVE-2017-1254XML External Entity (XXE) Injection in IBM Security Guardium

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.5%
top 35.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Guardium
Timeline
PublishedJul 5
Latest updateMay 17

Description

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 124634.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5ibm/security_guardium4 versions+3
NVDibm/security_guardium4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-v3xc-f323-99x9: IBM Security Guardium 102022-05-17
CVEList
CVE-2017-1254: IBM Security Guardium 102017-07-05
CVE-2017-1254 — XML External Entity (XXE) Injection | cvebase