Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-32327

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783.

Published

2024-02-03T01:15:08.653

Last Modified

2024-11-21T08:03:07.220

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	security_verify_access	≤ 10.0.6.1	Yes
Application	ibm	security_verify_access_docker	≤ 10.0.6.1	Yes

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/254783 VDB Entry, Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/7106586 Patch, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/254783 VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/7106586 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)