CVE-2019-4539

HIGH

IBM Security Directory Server 6.4.0 - XSS

Title source: llm

Description

IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/1077045

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/165812

Scores

CVSS v3 7.1

EPSS 0.0034

EPSS Percentile 56.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Details

CWE

CWE-91

Status published

Products (1)

ibm/security_directory_server 6.4.0

Published Oct 02, 2019

Tracked Since Feb 18, 2026