CVE-2024-54171

Published Feb 6, 2025

Last updated 21 days ago

CVSS high 7.1

Overview

Description
IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Source
psirt@us.ibm.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
7.1
Impact score
4.2
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Severity
HIGH

Weaknesses

psirt@us.ibm.com
CWE-611

Social media

Hype score
Not currently trending

  1. CVE-2024-54171 IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability t… https://t.co/trBfPi3VWD

    @CVEnew

    6 Feb 2025

    326 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References