{"containers":{"cna":{"affected":[{"product":"Security Directory Server","vendor":"IBM","versions":[{"status":"affected","version":"6.4.0"}]}],"datePublic":"2019-10-01T00:00:00.000Z","descriptions":[{"lang":"en","value":"IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"NONE","exploitCodeMaturity":"UNPROVEN","integrityImpact":"LOW","privilegesRequired":"LOW","remediationLevel":"OFFICIAL_FIX","reportConfidence":"CONFIRMED","scope":"UNCHANGED","temporalScore":6.2,"temporalSeverity":"MEDIUM","userInteraction":"NONE","vectorString":"CVSS:3.0/PR:L/A:H/I:L/AV:N/S:U/C:N/AC:L/UI:N/E:U/RC:C/RL:O","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Denial of Service","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-10-02T14:45:29.000Z","orgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","shortName":"ibm"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.ibm.com/support/pages/node/1077045"},{"name":"ibm-sds-cve20194539-xml-injection (165812)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/165812"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@us.ibm.com","DATE_PUBLIC":"2019-10-01T00:00:00","ID":"CVE-2019-4539","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Security Directory Server","version":{"version_data":[{"version_value":"6.4.0"}]}}]},"vendor_name":"IBM"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IBM Security Directory Server 6.4.0 does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system. IBM X-Force ID: 165812."}]},"impact":{"cvssv3":{"BM":{"A":"H","AC":"L","AV":"N","C":"N","I":"L","PR":"L","S":"U","UI":"N"},"TM":{"E":"U","RC":"C","RL":"O"}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of Service"}]}]},"references":{"reference_data":[{"name":"https://www.ibm.com/support/pages/node/1077045","refsource":"CONFIRM","title":"IBM Security Bulletin 1077045 (Security Directory Server)","url":"https://www.ibm.com/support/pages/node/1077045"},{"name":"ibm-sds-cve20194539-xml-injection (165812)","refsource":"XF","title":"X-Force Vulnerability Report","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/165812"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T19:40:47.350Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.ibm.com/support/pages/node/1077045"},{"name":"ibm-sds-cve20194539-xml-injection (165812)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/165812"}]}]},"cveMetadata":{"assignerOrgId":"9a959283-ebb5-44b6-b705-dcc2bbced522","assignerShortName":"ibm","cveId":"CVE-2019-4539","datePublished":"2019-10-02T14:45:29.486Z","dateReserved":"2019-01-03T00:00:00.000Z","dateUpdated":"2024-09-17T00:35:34.193Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}