CVE-2019-4539

EUVD-2019-14146
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.
aka Blind XPath Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
ibmCNA
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/PR:L/A:H/I:L/AV:N/S:U/C:N/AC:L/UI:N/E:U/RC:C/RL:O
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
ibmsecurity_directory_server
6.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/165812
https://www.ibm.com/support/pages/node/1077045
https://exchange.xforce.ibmcloud.com/vulnerabilities/165812
https://www.ibm.com/support/pages/node/1077045