PT-2019-16873 · Ibm · Ibm I2 Intelligent Analyis Platform

Jose Castro Almeida

Publicado

2019-07-30

Atualizado

2023-02-03

CVE-2019-4062

CVSS v3.1

7.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions IBM i2 Intelligent Analyis Platform versions 9.0.0 through 9.1.1

Description The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory resources.

Recommendations For IBM i2 Intelligent Analyis Platform versions 9.0.0 through 9.1.1, consider disabling XML data processing until a patch is available to prevent potential XXE attacks. Restrict access to sensitive information and monitor memory resources to minimize the risk of exploitation.

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2019-4062

Produtos afetados

Ibm I2 Intelligent Analyis Platform

PT-2019-16873 · Ibm · Ibm I2 Intelligent Analyis Platform

CVE-2019-4062

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5