CVE-2019-4707

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
7.1HIGH
EPSS
0.6%
top 30.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Security Access Manager ApplianceIBM Security Access Manager
Timeline
PublishedJan 28
Latest updateMay 24

Description

IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-4573-64w5-5533: IBM Security Access Manager Appliance 92022-05-24
CVEList
CVE-2019-4707: IBM Security Access Manager Appliance 92020-01-28
CVE-2019-4707 (HIGH CVSS 7.1) | IBM Security Access Manager Applian | cvebase.io