PT-2019-17113 · Ibm · Ibm Security Access Manager For Enterprise Single Sign-On
Lordoza
·
Published
2019-08-26
·
Updated
2022-12-02
·
CVE-2019-4513
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
IBM Security Access Manager for Enterprise Single Sign-On version 8.2.2
Description
The issue allows a remote attacker to expose sensitive information or consume memory resources through an XML External Entity Injection (XXE) attack when processing XML data.
Recommendations
For IBM Security Access Manager for Enterprise Single Sign-On version 8.2.2, consider disabling XML data processing until a patch is available to prevent XXE attacks. Restrict access to sensitive information and monitor memory resources to minimize the risk of exploitation.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Access Manager For Enterprise Single Sign-On