IBM Security Identity Manager CVE-2018-2019 XML External Entity Injection Vulnerability
BID:106657
CVE-2018-2019 |Info
IBM Security Identity Manager CVE-2018-2019 XML External Entity Injection Vulnerability
| Bugtraq ID: | 106657 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-2019 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 10 2019 12:00AM |
| Updated: | Jan 10 2019 12:00AM |
| Credit: | Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd and Dmitriy Beryoza from IBM X-Force Ethical Hacking Team. |
| Vulnerable: |
IBM Security Identity Manager 6.0 2 IBM Security Identity Manager 6.0 0 IBM Security Identity Manager 6.0.0.6 IBM Security Identity Manager 6.0.0.5 IBM Security Identity Manager 6.0.0.4 IBM Security Identity Manager 6.0.0.3 IBM Security Identity Manager 6.0.0.20 IBM Security Identity Manager 6.0.0.19 IBM Security Identity Manager 6.0.0.18 IBM Security Identity Manager 6.0.0.14 IBM Security Identity Manager 6.0.0.10 IBM Security Identity Manager 6.0.0.1 IBM Security Identity Manager 6.0.0 |
| Not Vulnerable: |
IBM Security Identity Manager 6.0.0.21 |
Discussion
IBM Security Identity Manager CVE-2018-2019 XML External Entity Injection Vulnerability
IBM Security Identity Manager is prone to XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or consume memory resources.
IBM Security Identity Manager version 6.0.0 through 6.0.020 are vulnerable.
IBM Security Identity Manager is prone to XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or consume memory resources.
IBM Security Identity Manager version 6.0.0 through 6.0.020 are vulnerable.
References
IBM Security Identity Manager CVE-2018-2019 XML External Entity Injection Vulnerability
References:
References: