9.1
CVE-2024-47113
- EPSS 0.11%
- Published 18.01.2025 16:15:38
- Last modified 18.08.2025 17:56:11
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ Voice Gateway Version1.0.2
Ibm ≫ Voice Gateway Version1.0.2.4
Ibm ≫ Voice Gateway Version1.0.3
Ibm ≫ Voice Gateway Version1.0.4
Ibm ≫ Voice Gateway Version1.0.5
Ibm ≫ Voice Gateway Version1.0.6
Ibm ≫ Voice Gateway Version1.0.7
Ibm ≫ Voice Gateway Version1.0.7.1
Ibm ≫ Voice Gateway Version1.0.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.11% | 0.297 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
psirt@us.ibm.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-91 XML Injection (aka Blind XPath Injection)
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.