CVE-2019-4707: XEE
First published: Mon Jan 27 2020(Updated: )
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Security Access Manager | =9.0.7.0 | |
| <=9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-4707.
What is the title of the vulnerability?
The title of the vulnerability is IBM Security Access Manager Appliance is vulnerable to an XML External Entity Injection (XXE) attack.
What is the severity level of CVE-2019-4707?
The severity level of CVE-2019-4707 is high (7.1).
How can this vulnerability be exploited?
This vulnerability can be exploited through an XML External Entity Injection (XXE) attack when processing XML data.
Is there a patch available for this vulnerability?
Yes, IBM has released a patch for this vulnerability. You can download it from the official IBM Support website.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm security access manager
- version/ibm security access manager/9.0.7.0
- canonical/ibm isam
- version/ibm isam/9.0