XML Injection (aka Blind XPath Injection)

CVE-2024-47113

High

8.1/10

Summary

IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-91 - XML Injection (aka Blind XPath Injection)

The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

References

Advisory Timeline

Published Jan 18, 2025

XML Injection (aka Blind XPath Injection)

CVE-2024-47113

Summary

CWE-91 - XML Injection (aka Blind XPath Injection)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS