PT-2024-1725 · IBM · IBM Security Verify Access Appliance +1

Published 2024-02-02 · Updated 2024-02-09 · CVE-2023-32327

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:P

Name of the Vulnerable Software and Affected Versions

IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1
IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.6.1

Description

The issue stems from improper restriction of XML external entity references in IBM Security Verify Access Docker, which is part of the IBM Security Verify Access system. This can allow a remote attacker to conduct XML External Entity (XXE) attacks, potentially exposing sensitive information or consuming memory resources.

Recommendations

For IBM Security Verify Access Appliance versions 10.0.0.0 through 10.0.6.1, update to a version that includes the fix for this issue.
For IBM Security Verify Access Docker versions 10.0.0.0 through 10.0.6.1, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting XML data processing to minimize the risk of exploitation.

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2024-01431
CVE-2023-32327

Affected Products

IBM Security Verify Access Appliance
IBM Security Verify Access Docker