CVE-2024-54171

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
7.1HIGH
EPSS
0.0%
top 91.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Entirex
Timeline
PublishedFeb 6

Description

IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5ibm/entirex11.1
NVDibm/entirex11.1

🔴Vulnerability Details

2
GHSA
GHSA-xph3-7hr2-g2jm: IBM EntireX 112025-02-06
CVEList
IBM EntireX XML external entity injection2025-02-06
CVE-2024-54171 (HIGH CVSS 7.1) | IBM EntireX 11.1 is vulnerable to a | cvebase.io