CVE-2024-47113

Name of the Vulnerable Software and Affected Versions IBM ICP - Voice Gateway versions 1.0.2 through 1.0.8

Description The issue is related to the failure to neutralize special elements used in XML, which could allow a remote attacker to send specially crafted XML statements and view or modify information in the XML document. This could potentially allow the attacker to elevate their privileges.

Recommendations For versions 1.0.2 through 1.0.8, consider disabling the processing of external XML statements until a patch is available to prevent potential exploitation. Restrict access to the XML document to minimize the risk of unauthorized modification or viewing. Avoid using specially crafted XML statements in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.