CVE-2021-38948

Critical

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote…

ibm·CWE-91·Published 2021-11-02

CVSS

9.1

EPSS

0.02

KEV

Exploits

cve.orgen

263 chars

IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402.

NVDen

263 chars

NVDes

296 chars

IBM InfoSphere Information Server versión 11.7 es vulnerable a un ataque de tipo XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría aprovechar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. IBM X-Force ID: 211402

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P
3.0	Primary	cve.org	7.1	—	—	CVSS:3.0/S:U/AV:N/PR:L/I:N/A:L/AC:L/C:H/UI:N/RL:O/RC:C/E:U