XML External Entity Injection Vulnerability in IBM Engineering Insights
CVE-2024-39726

8.2HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
15 November 2024

Summary

An XML External Entity Injection (XXE) vulnerability has been identified in IBM Engineering Lifecycle Optimization - Engineering Insights versions 7.0.2 and 7.0.3, which may allow remote attackers to exploit XML data processing weaknesses. This type of attack can lead to the exposure of sensitive information and may enable attackers to consume system memory resources, thereby impacting application performance and integrity.

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.