PT-2019-10013 · Ibm · Ibm Security Identity Manager

Chris Shepherd

Published

2019-01-18

Updated

2019-10-09

CVE-2018-2019

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions: IBM Security Identity Manager version 6.0.0 Virtual Appliance

Description: The issue allows a remote attacker to exploit the vulnerability to expose sensitive information or consume memory resources through a XML External Entity Injection (XXE) attack when processing XML data.

Recommendations: For IBM Security Identity Manager version 6.0.0 Virtual Appliance, consider disabling XML data processing until a patch is available to prevent XXE attacks. Restrict access to sensitive information and monitor memory resources to minimize the risk of exploitation.

Exploit

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2018-2019

Affected Products

Ibm Security Identity Manager

PT-2019-10013 · Ibm · Ibm Security Identity Manager

CVE-2018-2019

Weakness Enumeration

Related Identifiers

Affected Products

References · 6