IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 164555.

Published: 2019-08-26 15:15
Updated: 2019-10-09 23:50

CVSS Score: 6.4 / 10
Vendor: IBM
Product: Security Access Manager For Enterprise Single Sign-on
Version: 8.2.2
URI: cpe:/a:ibm:security_access_manager_for_enterprise_single_sign-on:8.2.2


ID: CWE-611
Name: Improper Restriction of XML External Entity Reference ('XXE')
Description: The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

History of changes

Date Event
2019-08-29 12:45
2019-08-26 15:27