XML External Entity Injection Vulnerability in IBM Intelligent Operations Center
CVE-2019-4419

7.1HIGH

Key Information:

Vendor: IBM
Status: Intelligent Operations Center
Vendor: CVE Published:; 20 August 2019

What is CVE-2019-4419?

The IBM Intelligent Operations Center from version 5.1.0 to 5.2.0 is susceptible to an XML External Entity Injection (XXE) vulnerability. This vulnerability allows remote attackers to exploit XML data processing weaknesses, potentially leading to the unauthorized exposure of sensitive information or excessive consumption of memory resources. Security precautions should be taken to mitigate such risks.

Affected Version(s)

Intelligent Operations Center 5.1.0

Intelligent Operations Center 5.1.0.1

Intelligent Operations Center 5.1.0.2

References

https://www.ibm.com/support/docview.wss?uid=ibm10956433

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/162737

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 20, 2019
Vulnerability Reserved
Jan 3, 2019