PT-2019-17113 · Ibm · Ibm Security Access Manager For Enterprise Single Sign-On

Lordoza

Publicado

2019-08-26

Atualizado

2022-12-02

CVE-2019-4513

CVSS v3.1

8.2

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions IBM Security Access Manager for Enterprise Single Sign-On version 8.2.2

Description The issue allows a remote attacker to expose sensitive information or consume memory resources through an XML External Entity Injection (XXE) attack when processing XML data.

Recommendations For IBM Security Access Manager for Enterprise Single Sign-On version 8.2.2, consider disabling XML data processing until a patch is available to prevent XXE attacks. Restrict access to sensitive information and monitor memory resources to minimize the risk of exploitation.

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2019-4513

Produtos afetados

Ibm Security Access Manager For Enterprise Single Sign-On

PT-2019-17113 · Ibm · Ibm Security Access Manager For Enterprise Single Sign-On

CVE-2019-4513

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4