9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
0.001 Low
EPSS
Percentile
47.6%
IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability. This has been addressed in the remediation section.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Product(s) | Version(s) |
---|---|
Jazz for Service Management | 1.1.3 |
Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
---|---|---|
Jazz for Service Management version 1.1.3.7 - 1.1.3.18 | Websphere Application Server Full Profile 9.0 | Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2023-27554) |
Jazz for Service Management version 1.1.3- 1.1.3.14 |
Websphere Application Server Full Profile 8.5.5
None
CPE | Name | Operator | Version |
---|---|---|---|
jazz for service management | eq | 1.1.3. |
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
0.001 Low
EPSS
Percentile
47.6%