History: Jun 17, 2024 - 3:46 p.m.

Security Bulletin: A vulnerability in Apache Xerces C++ XML parser may affect IBM Storage Protect HSM for Windows

2024-06-17 15:46:17
www.ibm.com
Tags: ibm storage protect hsm, windows, apache xerces c++, vulnerability, remote code execution

AI Score: 8 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.1%)

Summary

IBM Storage Protect HSM for Windows can be affected by a security flaw in the Apache Xerces C++ XML parser. The flaw can lead to arbitrary code execution, as described in the “Vulnerability Details” section (CVE-2024-23807).

Vulnerability Details

**CVEID:** CVE-2024-23807
**DESCRIPTION:** Apache Xerces C++ XML parser could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw during the scanning of external DTDs. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283301 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Storage Protect HSM for Windows | 8.1.0.0 - 8.1.22.0 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now by upgrading.

| Product | Fixing Level | Platform | Link to Fix and Instructions |
| --- | --- | --- | --- |
| IBM Storage Protect HSM for Windows | 8.1.23 | Windows | <https://www.ibm.com/support/pages/node/7157150> |

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm storage_protect, Match 8.1.23
