Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Voice Gateway by IBM

    CVE-2024-47113 (GCVE-0-2024-47113)

    Vulnerability from nvd – Published: 2025-01-18 15:29 – Updated: 2025-01-21 20:53
    VLAI
    Title
    IBM ICP - Voice Gateway XML injection
    Summary
    IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-91 - XML Injection (aka Blind XPath Injection)
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Voice Gateway Affected: 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, 1.0.8
        cpe:2.3:a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.8:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T20:52:58.392154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T20:53:07.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.8:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Voice Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, 1.0.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM ICP - Voice Gateway\u0026nbsp;1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.\u003c/span\u003e"
                }
              ],
              "value": "IBM ICP - Voice Gateway\u00a01.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-91",
                  "description": "CWE-91 XML Injection (aka Blind XPath Injection)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-18T15:29:40.728Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7175791"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM ICP - Voice Gateway XML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-47113",
        "datePublished": "2025-01-18T15:29:40.728Z",
        "dateReserved": "2024-09-18T19:27:02.821Z",
        "dateUpdated": "2025-01-21T20:53:07.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-47113 (GCVE-0-2024-47113)

    Vulnerability from cvelistv5 – Published: 2025-01-18 15:29 – Updated: 2025-01-21 20:53
    VLAI
    Title
    IBM ICP - Voice Gateway XML injection
    Summary
    IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-91 - XML Injection (aka Blind XPath Injection)
    Assigner
    ibm
    References
    Impacted products
    Vendor Product Version
    IBM Voice Gateway Affected: 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, 1.0.8
        cpe:2.3:a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.7.1:*:*:*:*:*:*:*
        cpe:2.3:a:ibm:voice_gateway:1.0.8:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-47113",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-21T20:52:58.392154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-21T20:53:07.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.7.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:ibm:voice_gateway:1.0.8:*:*:*:*:*:*:*"
              ],
              "defaultStatus": "unaffected",
              "product": "Voice Gateway",
              "vendor": "IBM",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, 1.0.8"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM ICP - Voice Gateway\u0026nbsp;1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.\u003c/span\u003e"
                }
              ],
              "value": "IBM ICP - Voice Gateway\u00a01.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-91",
                  "description": "CWE-91 XML Injection (aka Blind XPath Injection)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-18T15:29:40.728Z",
            "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
            "shortName": "ibm"
          },
          "references": [
            {
              "url": "https://www.ibm.com/support/pages/node/7175791"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "IBM ICP - Voice Gateway XML injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "assignerShortName": "ibm",
        "cveId": "CVE-2024-47113",
        "datePublished": "2025-01-18T15:29:40.728Z",
        "dateReserved": "2024-09-18T19:27:02.821Z",
        "dateUpdated": "2025-01-21T20:53:07.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }