There is a potential information disclosure vulnerability in Identity Insight when using web services. The information disclosure is due to an XML external entity (XXE) vulnerability.
CVEID: CVE-2019-4433
DESCRIPTION: IBM InfoSphere Global Name Management is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162890> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
IBM InfoSphere Identity Insight 9.0
IBM InfoSphere Identity Insight 8.1
IBM InfoSphere Identity Insight 9.0
To fix this vulnerability:
javax.xml.accessExternalDTD=""
javax.xml.accessExternalSchema=""
javax.xml.accessExternalStylesheet=""
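One way to check that these settings take effect, as an added example (not IBM's code and not part of the bulletin). It assumes a JAXP 1.5 capable JDK and applies the three properties as JVM system properties, which the bulletin does not specify; the class name, the `marker` entity and the temporary DTD file are constructed for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXException;

public class JaxpAccessCheck {
    // The three JAXP properties named in the fix above.
    static final String[] PROPS = {
        "javax.xml.accessExternalDTD",
        "javax.xml.accessExternalSchema",
        "javax.xml.accessExternalStylesheet"
    };

    // Parses xml and returns the root element's text,
    // or "BLOCKED: <reason>" when the parser refuses the document.
    static String parse(byte[] xml, boolean restricted) throws Exception {
        for (String p : PROPS) {
            if (restricted) System.setProperty(p, "");  // empty value: no protocol is allowed
            else System.clearProperty(p);               // fall back to the JDK default
        }
        // Create the factory after the properties are set so the parser picks them up.
        DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        try {
            return builder.parse(new ByteArrayInputStream(xml))
                          .getDocumentElement().getTextContent();
        } catch (SAXException e) {
            return "BLOCKED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a harmless local DTD that defines a single entity.
        Path dtd = Files.createTempFile("constructed-sample", ".dtd");
        Files.write(dtd, "<!ENTITY marker \"loaded-from-external-dtd\">"
                .getBytes(StandardCharsets.UTF_8));
        // Constructed sample document that pulls the entity from that external DTD.
        byte[] xml = ("<?xml version=\"1.0\"?>\n<!DOCTYPE r SYSTEM \"" + dtd.toUri()
                + "\">\n<r>&marker;</r>").getBytes(StandardCharsets.UTF_8);

        System.out.println("default:    " + parse(xml, false));
        System.out.println("restricted: " + parse(xml, true));
        Files.delete(dtd);
    }
}
```

With the properties empty, the parser rejects the external DTD with a `SAXException` instead of resolving the entity.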
IBM InfoSphere Identity Insight 8.1
To fix this vulnerability: