Lucene search

K
cveIbmCVE-2023-32327
HistoryFeb 03, 2024 - 1:15 a.m.

CVE-2023-32327

2024-02-0301:15:08
CWE-611
ibm
web.nvd.nist.gov
29
ibm
security
access manager container
verify access
appliance
docker
xxe
xml
injection
vulnerability
remote attack
memory resources
nvd
cve-2023-32327

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

25.0%

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783.

Affected configurations

Nvd
Vulners
Node
ibmsecurity_verify_accessRange10.0.0.010.0.6.1
OR
ibmsecurity_verify_access_dockerRange10.0.0.010.0.6.1
VendorProductVersionCPE
ibmsecurity_verify_access*cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*
ibmsecurity_verify_access_docker*cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Security Verify Access Appliance",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "10.0.6.1",
        "status": "affected",
        "version": "10.0.0.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Security Verify Access Docker",
    "vendor": "IBM",
    "versions": [
      {
        "lessThanOrEqual": "10.0.6.1",
        "status": "affected",
        "version": "10.0.0.0",
        "versionType": "semver"
      }
    ]
  }
]

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

25.0%