Description
IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/1077045
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/165812
Scores
CVSS v3
7.1
EPSS
0.0123
EPSS Percentile
64.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Details
CWE
CWE-91
Status
published
Products (1)
ibm/security_directory_server
6.4.0
Published
Oct 02, 2019
Tracked Since
Feb 18, 2026