CVE-2019-4539

IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812.

Published: Oct 2, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-4539
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

CWE-91

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
ibm / security_directory_server	6.4.0	6.4.0.x

https://exchange.xforce.ibmcloud.com/vulnerabilities/165812
https://www.ibm.com/support/pages/node/1077045

Vulnerability Database

289,871

CVE-2019-4539