CVE-2019-4539

IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.

Published : 2019-10-02 15:15 Updated : 2019-10-09 23:50

5.5
CVSS Score More info
Score 5.5 / 10
5.5
Vendor Product Version URI
Ibm Security Directory Server 6.4.0 cpe:/a:ibm:security_directory_server:6.4.0
  1. Ibm (1) Search CVE
    1. Security Directory Server (1) Search CVE
      1. 6.4.0

CWE

ID Name Description Links
CWE-91 XML Injection (aka Blind XPath Injection) The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. CVE

History of changes

Date Event
2019-10-03 19:45
2019-10-02 15:45

New CVE