IBM TRIRIGA Application Platform XML external entity injection
CVE-2023-27876

7.1HIGH

Key Information:

Vendor: IBM
Status: TRIRIGA Application Platform
Vendor: CVE Published:; 7 April 2023

Summary

IBM TRIRIGA 4.0 is susceptible to an XML external entity injection (XXE) vulnerability, which occurs during the processing of XML data. This flaw allows remote attackers to manipulate XML input to exploit underlying systems, potentially leading to sensitive data exposure or the consumption of memory resources, thus jeopardizing the integrity and confidentiality of the affected systems.

Affected Version(s)

TRIRIGA Application Platform 4.0

References

https://www.ibm.com/support/pages/node/6981115

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/249975

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 7, 2023
Vulnerability Reserved
Mar 6, 2023