CVE-2023-27554
PUBLISHED
A vulnerability exists in IBM WebSphere Application Server. The flaw is due to an XML External Entity Injection (XXE) attack when processing XML data. A remote, authenticated attacker can exploit this vulnerability to bypass security measures and to consume memory resources. Successful exploitation requires user interaction.
Risk Scores
EPSS Score
0.01% · 2.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM Tivoli Monitoring 6.3.0.7 | |
| IBM | IBM Business Automation Workflow 19.0.0.3 | |
| IBM | IBM Maximo Asset Management 7.6.1 | |
| IBM | IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 | |
| HCL | HCL Commerce | |
| HCL | HCL Commerce <9.1.13 | |
| IBM | IBM WebSphere Service Registry and Repository 8.5.x | |
| IBM | IBM Tivoli Netcool/OMNIbus 8.1.0 | |
| IBM | IBM WebSphere Service Registry and Repository 8.0.x | |
| IBM | IBM Business Automation Workflow 22.0.1 | |
| IBM | IBM Business Automation Workflow 20.0.0.2 | |
| IBM | IBM Business Automation Workflow 20.0.0.1 | |
| IBM | IBM Rational ClearQuest | |
| IBM | IBM Rational ClearCase | |
| IBM | IBM Business Automation Workflow 22.0.2 | |
| IBM | IBM Business Automation Workflow 21.0.2 | |
| IBM | IBM Business Automation Workflow 19.0.0.2 | |
| HCL | HCL Commerce <9.0.1.21 | |
| IBM | IBM WebSphere Application Server 8.5 | |
| IBM | IBM Business Automation Workflow 19.0.0.1 | |
…and 7 more
Timeline
- May 10, 2023 CVE Published
- May 12, 2023 EPSS Score
- Jun 18, 2023 EPSS Score
- Jul 24, 2023 EPSS Score
- Aug 30, 2023 EPSS Score
- Oct 6, 2023 EPSS Score
- Nov 11, 2023 EPSS Score
- Dec 18, 2023 EPSS Score
- Jan 24, 2024 EPSS Score
- Mar 1, 2024 EPSS Score
- Apr 6, 2024 EPSS Score
- May 13, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1197.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1197 advisory
- https://www.ibm.com/support/pages/node/6989451 advisory
- https://www.ibm.com/support/pages/node/6989657 advisory
- https://www.ibm.com/support/pages/node/6991281 advisory
- https://www.ibm.com/support/pages/node/6994793 advisory
- https://www.ibm.com/support/pages/node/6995531 advisory
- https://www.ibm.com/support/pages/node/6997097 advisory
- https://www.ibm.com/support/pages/node/6999547 advisory
- https://www.ibm.com/support/pages/node/6999299 advisory
- https://www.ibm.com/support/pages/node/7004187 advisory
- https://www.ibm.com/support/pages/node/7027925 advisory
- https://support.hcltechsw.com/community?id=community_blog&sys_id=72d68adf1bf5c29c574121f7ec4bcbdb advisory
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112204 advisory