9.1

CVE-2024-47113

IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.

Data is provided by the National Vulnerability Database (NVD)
IbmVoice Gateway Version1.0.2
IbmVoice Gateway Version1.0.2.4
IbmVoice Gateway Version1.0.3
IbmVoice Gateway Version1.0.4
IbmVoice Gateway Version1.0.5
IbmVoice Gateway Version1.0.6
IbmVoice Gateway Version1.0.7
IbmVoice Gateway Version1.0.7.1
IbmVoice Gateway Version1.0.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.297
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
psirt@us.ibm.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.