XML External Entity Injection Vulnerability in IBM Security Access Manager Appliance
CVE-2019-4707
7.1HIGH
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 28 January 2020
Summary
The IBM Security Access Manager Appliance version 9.0.7.0 is susceptible to an XML External Entity Injection (XXE) attack, which occurs when it processes XML data. A remote attacker can exploit this flaw, potentially leading to the exposure of sensitive information or the consumption of memory resources, thereby affecting the overall functionality and security posture of the appliance.
Affected Version(s)
Security Access Manager Appliance 9.0.7.0
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved