IBM Storage Protect HSM for Windows can be affected by a security flaw in the Apache Xerces C++ XML parser (CVE-2024-23807). The flaw can lead to arbitrary code execution, as described in the “Vulnerability Details” section.
**CVEID:** CVE-2024-23807
**DESCRIPTION:** Apache Xerces C++ XML parser could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw during the scanning of external DTDs. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/283301 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Storage Protect HSM for Windows | 8.1.0.0 - 8.1.22.0 |
IBM strongly recommends addressing the vulnerabilities now by upgrading.
Product | Fixing Level | Platform | Link to Fix and Instructions |
---|---|---|---|
IBM Storage Protect HSM for Windows | 8.1.23 | Windows | <https://www.ibm.com/support/pages/node/7157150> |
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm storage protect hsm for windows | eq | 8.1.23 |