Headline
CVE-2022-32755: IBM Security Directory Server external entity injection CVE-2022-32755 Vulnerability Report
IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505.
{{’LEARN_MORE_LABEL’ | translate}}
{{’LABEL_REQUEST_ACCESS’ | translate}} {{’LEARN_MORE_LABEL’ | translate}}
Related news
CVE-2022-33165: IBM Security Verify Directory products have multiple security vulnerabilities (CVE-2022-33164, CVE-2022-33168, CVE-2022-33161, CVE-2022-32755)
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582.