XML External Entity Injection Vulnerability in IBM Daeja ViewONE
CVE-2019-4456

7.1HIGH

Key Information:

Vendor: IBM
Status: Daeja Viewone
Vendor: CVE Published:; 30 July 2019

What is CVE-2019-4456?

IBM Daeja ViewONE products, specifically versions 5.0.5 and 5.0.6, contain a vulnerability that allows for XML External Entity Injection (XXE) when processing XML data. This flaw can be exploited by remote attackers, potentially leading to the disclosure of sensitive information or the exhaustion of memory resources. To mitigate this risk, users are advised to apply the necessary security patches and follow best practices for XML processing.

Affected Version(s)

Daeja ViewONE 5.0.5

Daeja ViewONE 5.0.6

References

https://www.ibm.com/support/docview.wss?uid=ibm10959177

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/163620

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2019
Vulnerability Reserved
Jan 3, 2019