Description

IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.

Remediation

References

CVE-2019-4707

Related Vulnerabilities

MySQL CVE-2014-4287 Vulnerability (CVE-2014-4287)

WordPress Plugin Breezing Forms Cross-Site Scripting (1.2.7.42)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-0218)

WordPress Plugin WPS Child Theme Generator Directory Traversal (1.1)

WordPress Plugin SMTP Mailer Cross-Site Request Forgery (1.0.6)

Severity

High

Classification

CVE-2019-4707 CWE-611 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities