CVE-2023-32327

IBM Security Access Manager Container XML external entity injection

CVSS 7.1 HIGHEPSS 1.0%CWE-611

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.1EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

03 Feb 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Affected products

IBM · Security Verify Access Appliance IBM · Security Verify Access Docker

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://seclists.org/fulldisclosure/2024/Nov/0 https://exchange.xforce.ibmcloud.com/vulnerabilities/254783 https://www.ibm.com/support/pages/node/7106586