CVE-2019-4433
HIGHIBM InfoSphere Global Name Management <6.0 & Identity Insight <9.0 ...
Title source: llmDescription
IBM InfoSphere Global Name Management 5.0 and 6.0 and IBM InfoSphere Identity Insight 8.1 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162890.
References (3)
Core 3
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=ibm10958081
Mitigation, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/docview.wss?uid=ibm10958079
Broken Link, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/162890
Scores
CVSS v3
8.2
EPSS
0.0385
EPSS Percentile
88.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Details
CWE
CWE-611
Status
published
Products (4)
ibm/infosphere_global_name_management
5.0
ibm/infosphere_global_name_management
6.0
ibm/infosphere_identity_insight
8.1
ibm/infosphere_identity_insight
9.0
Published
Aug 20, 2019
Tracked Since
Feb 18, 2026