PT-2019-10013 · Ibm · Ibm Security Identity Manager

Chris Shepherd

Publicado

2019-01-18

Atualizado

2019-10-09

CVE-2018-2019

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions: IBM Security Identity Manager version 6.0.0 Virtual Appliance

Description: The issue allows a remote attacker to exploit the vulnerability to expose sensitive information or consume memory resources through a XML External Entity Injection (XXE) attack when processing XML data.

Recommendations: For IBM Security Identity Manager version 6.0.0 Virtual Appliance, consider disabling XML data processing until a patch is available to prevent XXE attacks. Restrict access to sensitive information and monitor memory resources to minimize the risk of exploitation.

Exploit

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2018-2019

Produtos afetados

Ibm Security Identity Manager

PT-2019-10013 · Ibm · Ibm Security Identity Manager

CVE-2018-2019

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6