IBM Security Access Manager Container Vulnerable to XML External Entity Injection Attack
CVE-2023-32327

7.1HIGH

Key Information:

Vendor: IBM
Status: Security Verify Access Appliance; Security Verify Access Docker
Vendor: CVE Published:; 3 February 2024

Summary

The XML External Entity Injection vulnerability identified in IBM Security Access Manager Container, specifically in versions 10.0.0.0 through 10.0.6.1 for both the Access Appliance and Docker, allows remote attackers to exploit the product's XML data processing capabilities. This exploitation could lead to the exposure of sensitive data or excessive memory usage, thereby potentially compromising system integrity and performance. It is crucial for users of the affected products to implement necessary security measures to mitigate risks associated with this vulnerability. For further information, refer to IBM's security advisory and vulnerability database entry.

Affected Version(s)

Security Verify Access Appliance 10.0.0.0 <= 10.0.6.1

Security Verify Access Docker 10.0.0.0 <= 10.0.6.1

References

https://www.ibm.com/support/pages/node/7106586

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/254783

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2024
Vulnerability Reserved
May 8, 2023