cnvd | China National Vulnerability Database | CNVD-2024-12704
History: Mar 06, 2024 - 12:00 a.m.

IBM Security Guardium XML External Entity Injection Vulnerability (CNVD-2024-12704)

2024-03-06 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
Tags: ibm, security guardium, key lifecycle manager, xml, external entity injection, vulnerability, international business machines, data protection, networked system, remote attackers, sensitive information

AI Score: 7 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provides data protection capabilities. The platform includes features such as a custom UI, report management, and streamlined audit process building. IBM Security Guardium Key Lifecycle Manager is affected by an XML External Entity (XXE) injection vulnerability. The flaw arises because the networked system or product does not correctly filter or restrict references to external entities. Remote attackers can exploit it to expose sensitive information or consume memory resources.
