CVE-2024-47113

EPSS 0.11%
Veröffentlicht 18.01.2025 16:15:38
Zuletzt bearbeitet 18.08.2025 17:56:11
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Voice Gateway Version1.0.2

Ibm ≫ Voice Gateway Version1.0.2.4

Ibm ≫ Voice Gateway Version1.0.3

Ibm ≫ Voice Gateway Version1.0.4

Ibm ≫ Voice Gateway Version1.0.5

Ibm ≫ Voice Gateway Version1.0.6

Ibm ≫ Voice Gateway Version1.0.7

Ibm ≫ Voice Gateway Version1.0.7.1

Ibm ≫ Voice Gateway Version1.0.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.297

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
psirt@us.ibm.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

https://www.ibm.com/support/pages/node/7175791

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-47113

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47113

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47113

EUVD