Details of VAR-202402-0187

ID

VAR-202402-0187

CVE

CVE-2023-32327

TITLE

IBM of Security Verify Access and Security Verify Access Docker In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-002252

DESCRIPTION

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783

Trust: 1.71

sources: NVD: CVE-2023-32327 // JVNDB: JVNDB-2024-002252 // VULMON: CVE-2023-32327

AFFECTED PRODUCTS

vendor:	ibm	model:	security verify access docker	scope:	gte	version:	10.0.0.0	Trust: 1.0
vendor:	ibm	model:	security verify access	scope:	gte	version:	10.0.0.0	Trust: 1.0
vendor:	ibm	model:	security verify access docker	scope:	lte	version:	10.0.6.1	Trust: 1.0
vendor:	ibm	model:	security verify access	scope:	lte	version:	10.0.6.1	Trust: 1.0
vendor:	ibm	model:	security verify access docker	scope:	eq	version:	10.0.0.0 to 10.0.6.1	Trust: 0.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	10.0.0.0 to 10.0.6.1	Trust: 0.8
vendor:	ibm	model:	security verify access	scope:	eq	version:	docker 10.0.0.0 to 10.0.6.1	Trust: 0.8

sources: JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-32327
value:	HIGH
Trust: 1.8
psirt@us.ibm.com:	CVE-2023-32327
value:	HIGH
Trust: 1.0

NVD:
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	4.2
version:	3.1
Trust: 2.0
NVD:	CVE-2023-32327
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327 // NVD: CVE-2023-32327

PROBLEMTYPE DATA

problemtype:	CWE-611	Trust: 1.0
problemtype:	XML Improper restriction of external entity references (CWE-611) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327

PATCH

title:

7106586 IBM X-Force Exchange

url:

https://www.ibm.com/support/pages/node/7106586

Trust: 0.8

sources: JVNDB: JVNDB-2024-002252

EXTERNAL IDS

db:	NVD	id:	CVE-2023-32327	Trust: 2.7
db:	JVNDB	id:	JVNDB-2024-002252	Trust: 0.8
db:	VULMON	id:	CVE-2023-32327	Trust: 0.1

sources: VULMON: CVE-2023-32327 // JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327

REFERENCES

url:	https://www.ibm.com/support/pages/node/7106586	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/254783	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-32327	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/611.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-32327 // JVNDB: JVNDB-2024-002252 // NVD: CVE-2023-32327

SOURCES

db:	VULMON	id:	CVE-2023-32327
db:	JVNDB	id:	JVNDB-2024-002252
db:	NVD	id:	CVE-2023-32327

LAST UPDATE DATE

2024-02-10T23:16:03.025000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-32327	date:	2024-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2024-002252	date:	2024-02-09T02:06:00
db:	NVD	id:	CVE-2023-32327	date:	2024-02-07T16:16:58.450

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-32327	date:	2024-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2024-002252	date:	2024-02-09T00:00:00
db:	NVD	id:	CVE-2023-32327	date:	2024-02-03T01:15:08.653