CVE-2024-27266
HIGH WAF: High
CVSS 8.2
Published: 2024-03-14
CWE-611
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| ibm | maximo_application_suite | 7.6.1.3 |
References
- exchange.xforce.ibmcloud.com (VDB Entry, Vendor Advisory)
- www.ibm.com (Patch, Vendor Advisory)