CVE-2023-25926

HIGH Year: 2023
CVSS v3 Score
8.2
High
Weakness Type
CWE-611
View all →

Vulnerability Description

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 247599.

Related Vulnerabilities

CVE-2017-1192

HIGH
CVSS:8.2(High)

IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive i...

CWE-6112017

CVE-2017-12069

HIGH
CVSS:8.2(High)

An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 ...

CWE-6112017

CVE-2017-1289

HIGH
CVSS:8.2(High)

IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informa...

CWE-6112017

CVE-2017-1322

HIGH
CVSS:8.2(High)

IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informati...

CWE-6112017

CVE-2017-5992

HIGH
CVSS:8.2(High)

Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document.

CWE-6112017

CVE-2018-12585

HIGH
CVSS:8.2(High)

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.

CWE-6112018