What is CVE-2023-32327?

CVE-2023-32327 is a high-severity vulnerability in Ibm Security Verify Access Appliance, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.1/10. Published 2024-02-03.

How severe is CVE-2023-32327?

High severity. CVSS v3 base score is 7.1 out of 10.

XXE in Ibm Security Verify Access Appliance

CVE-2023-32327

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when proc…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.000 (14.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L.

Affected products

Ibm Security Verify Access Appliance — versions 10.0.0.0
Ibm Security Verify Access Docker — versions 10.0.0.0

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

www.ibm.com/support/pages/node/7106586 (vendor-advisory)
exchange.xforce.ibmcloud.com/vulnerabilities/254783 (vdb-entry)

Frequently asked questions

What is CVE-2023-32327?: CVE-2023-32327 is a high-severity vulnerability in Ibm Security Verify Access Appliance, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.1/10. Published 2024-02-03.
How severe is CVE-2023-32327?: High severity. CVSS v3 base score is 7.1 out of 10.