IBM Security Directory Server 6.4.0 XML Injection (aka Blind XPath Injection) Vulnerability

Summary

IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://exchange.xforce.ibmcloud.com/vulnerabilities/165812

Details

IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.

Vulnerable Systems:

IBM Security Directory Server 6.4.0 

CVE Information:

CVE-2019-4539 

Disclosure Timeline:

Published Date: 10/02/2019