ID

VAR-202402-0187


CVE

CVE-2023-32327


TITLE

XML external entity vulnerability in IBM Security Verify Access and Security Verify Access Docker

Trust: 0.8

sources: JVNDB: JVNDB-2024-002252

DESCRIPTION

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783

Trust: 1.71

sources: NVD: CVE-2023-32327 // JVNDB: JVNDB-2024-002252 // VULMON: CVE-2023-32327

AFFECTED PRODUCTS

vendor: ibm, model: security verify access docker, scope: gte, version: 10.0.0.0

Trust: 1.0

vendor: ibm, model: security verify access, scope: gte, version: 10.0.0.0

Trust: 1.0

vendor: ibm, model: security verify access docker, scope: lte, version: 10.0.6.1

Trust: 1.0

vendor: ibm, model: security verify access, scope: lte, version: 10.0.6.1

Trust: 1.0

vendor: ibm, model: security verify access docker, scope: eq, version: 10.0.0.0 to 10.0.6.1

Trust: 0.8

vendor: ibm, model: security verify access, scope: eq, version: 10.0.0.0 to 10.0.6.1

Trust: 0.8

vendor: ibm, model: security verify access, scope: eq, version: docker 10.0.0.0 to 10.0.6.1

Trust: 0.8

sources: JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-32327
value: HIGH

Trust: 1.8

psirt@us.ibm.com: CVE-2023-32327
value: HIGH

Trust: 1.0

NVD:
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 2.0

NVD: CVE-2023-32327
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327 // NVD: CVE-2023-32327

PROBLEMTYPE DATA

problemtype: CWE-611

Trust: 1.0

problemtype: Improper restriction of XML external entity references (CWE-611) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327

PATCH

title: 7106586 IBM X-Force Exchange, url: https://www.ibm.com/support/pages/node/7106586

Trust: 0.8

sources: JVNDB: JVNDB-2024-002252

EXTERNAL IDS

db: NVD, id: CVE-2023-32327

Trust: 2.7

db: JVNDB, id: JVNDB-2024-002252

Trust: 0.8

db: VULMON, id: CVE-2023-32327

Trust: 0.1

sources: VULMON: CVE-2023-32327 // JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327

REFERENCES

url: https://www.ibm.com/support/pages/node/7106586

Trust: 1.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/254783

Trust: 1.1

url: https://nvd.nist.gov/vuln/detail/cve-2023-32327

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/611.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-32327 // JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327

SOURCES

db: VULMON, id: CVE-2023-32327
db: JVNDB, id: JVNDB-2024-002252
db: NVD, id: CVE-2023-32327

LAST UPDATE DATE

2024-02-10T23:16:03.025000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-32327, date: 2024-02-05T00:00:00
db: JVNDB, id: JVNDB-2024-002252, date: 2024-02-09T02:06:00
db: NVD, id: CVE-2023-32327, date: 2024-02-07T16:16:58.450

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-32327, date: 2024-02-03T00:00:00
db: JVNDB, id: JVNDB-2024-002252, date: 2024-02-09T00:00:00
db: NVD, id: CVE-2023-32327, date: 2024-02-03T01:15:08.653