CVE-2019-4419

IBM Intelligent Operations Center V5.1.0 through V5.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162737.

Published : 2019-08-20 19:15 Updated : 2019-10-09 23:50

6.4
CVSS Score More info
Score 6.4 / 10
6.4
Vendor Product Version URI
Ibm Intelligent Operations Center 5.1.0 cpe:/a:ibm:intelligent_operations_center:5.1.0
Ibm Intelligent Operations Center 5.1.0.1 cpe:/a:ibm:intelligent_operations_center:5.1.0.1
Ibm Intelligent Operations Center 5.1.0.2 cpe:/a:ibm:intelligent_operations_center:5.1.0.2
Ibm Intelligent Operations Center 5.1.0.3 cpe:/a:ibm:intelligent_operations_center:5.1.0.3
Ibm Intelligent Operations Center 5.1.0.4 cpe:/a:ibm:intelligent_operations_center:5.1.0.4
Ibm Intelligent Operations Center 5.1.0.6 cpe:/a:ibm:intelligent_operations_center:5.1.0.6
Ibm Intelligent Operations Center 5.1.0.7 cpe:/a:ibm:intelligent_operations_center:5.1.0.7
Ibm Intelligent Operations Center 5.1.0.8 cpe:/a:ibm:intelligent_operations_center:5.1.0.8
Ibm Intelligent Operations Center 5.1.0.9 cpe:/a:ibm:intelligent_operations_center:5.1.0.9
Ibm Intelligent Operations Center 5.1.0.10 cpe:/a:ibm:intelligent_operations_center:5.1.0.10
Ibm Intelligent Operations Center 5.1.0.13 cpe:/a:ibm:intelligent_operations_center:5.1.0.13
Ibm Intelligent Operations Center 5.2.0 cpe:/a:ibm:intelligent_operations_center:5.2.0
Ibm Intelligent Operations Center For Emergency Management 5.1.0 cpe:/a:ibm:intelligent_operations_center_for_emergency_management:5.1.0
Ibm Intelligent Operations Center For Emergency Management 5.1.0.3 cpe:/a:ibm:intelligent_operations_center_for_emergency_management:5.1.0.3
Ibm Intelligent Operations Center For Emergency Management 5.1.0.4 cpe:/a:ibm:intelligent_operations_center_for_emergency_management:5.1.0.4
Ibm Intelligent Operations Center For Emergency Management 5.1.0.6 cpe:/a:ibm:intelligent_operations_center_for_emergency_management:5.1.0.6
Ibm Water Operations For Waternamics 5.1.0 cpe:/a:ibm:water_operations_for_waternamics:5.1.0
Ibm Water Operations For Waternamics 5.2.0 cpe:/a:ibm:water_operations_for_waternamics:5.2.0
Ibm Water Operations For Waternamics 5.2.0.1 cpe:/a:ibm:water_operations_for_waternamics:5.2.0.1
Ibm Water Operations For Waternamics 5.2.0.2 cpe:/a:ibm:water_operations_for_waternamics:5.2.0.2
Ibm Water Operations For Waternamics 5.2.0.3 cpe:/a:ibm:water_operations_for_waternamics:5.2.0.3
Ibm Water Operations For Waternamics 5.2.0.4 cpe:/a:ibm:water_operations_for_waternamics:5.2.0.4
Ibm Water Operations For Waternamics 5.2.0.5 cpe:/a:ibm:water_operations_for_waternamics:5.2.0.5
Ibm Water Operations For Waternamics 5.2.0.6 cpe:/a:ibm:water_operations_for_waternamics:5.2.0.6
Ibm Water Operations For Waternamics 5.2.1.1 cpe:/a:ibm:water_operations_for_waternamics:5.2.1.1
  1. Ibm (3) Search CVE
    1. Intelligent Operations Center (12) Search CVE
      1. 5.1.0
      2. 5.1.0.1
      3. 5.1.0.2
      4. 5.1.0.3
      5. 5.1.0.4
      6. 5.1.0.6
      7. 5.1.0.7
      8. 5.1.0.8
      9. 5.1.0.9
      10. 5.1.0.10
      11. 5.1.0.13
      12. 5.2.0
    2. Intelligent Operations Center For Emergency Management (4) Search CVE
      1. 5.1.0
      2. 5.1.0.3
      3. 5.1.0.4
      4. 5.1.0.6
    3. Water Operations For Waternamics (9) Search CVE
      1. 5.1.0
      2. 5.2.0
      3. 5.2.0.1
      4. 5.2.0.2
      5. 5.2.0.3
      6. 5.2.0.4
      7. 5.2.0.5
      8. 5.2.0.6
      9. 5.2.1.1

CWE

ID Name Description Links
CWE-611 Improper Restriction of XML External Entity Reference ('XXE') The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. CVE

History of changes

Date Event
2019-08-23 18:21
2019-08-20 19:40

New CVE