CVE-2024-54171

HIGH

IBM EntireX 11.1 - XXE

Title source: llm

Description

IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

References (1)

[Vendor Advisory] https://www.ibm.com/support/pages/node/7182693

Scores

CVSS v3 7.1

EPSS 0.0003

EPSS Percentile 8.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-611

Status published

Products (1)

ibm/entirex 11.1

Published Feb 06, 2025

Tracked Since Feb 18, 2026