CVE-2024-47113
Published: 18 January 2025
Description
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.
Security Summary
CVE-2024-47113 is an XML injection vulnerability (CWE-91) affecting IBM ICP Voice Gateway versions 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.7.1, and 1.0.8. It enables a remote attacker to send specially crafted XML statements, allowing them to view or modify information within the XML document. The vulnerability carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality and integrity.
An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network without requiring user interaction. Successful exploitation allows the attacker to read sensitive data or alter XML content, potentially leading to unauthorized data exposure or manipulation within the affected Voice Gateway component.
The IBM security advisory at https://www.ibm.com/support/pages/node/7175791 provides details on mitigation, including available patches and recommended actions for affected versions.
Details
- CWE(s)