XXE Vulnerability in IBM Security Privileged Identity Manager Virtual Appliance
CVE-2016-5971
7.1HIGH
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 26 September 2016
Summary
The IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance versions before 2.0.2 FP8 are susceptible to an XML External Entity (XXE) vulnerability, enabling remote authenticated users to access arbitrary files or trigger a denial of service due to excessive memory consumption. This vulnerability arises from improper handling of XML data, where maliciously crafted XML documents can exploit external entity declarations to manipulate the application's behavior, leading to sensitive information exposure or service disruption.
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved