XML External Entity Injection Vulnerability in IBM Security Verify Privilege Manager
CVE-2020-4606
5.7MEDIUM
Summary
IBM Security Verify Privilege Manager 10.8 is susceptible to an XML External Entity Injection (XXE) attack, which allows a local attacker to manipulate XML input, potentially leading to the exposure of sensitive data or the consumption of system resources. This vulnerability could be exploited in environments where untrusted XML data is processed, creating significant risks to data confidentiality and system integrity.
Affected Version(s)
Security Verify Privilege Manager 10.8
References
CVSS V3.1
Score:
5.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved