CVSS3 base score: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS: 0.001 Low (percentile 46.5%)
Libxml2 is used by IBM Safer Payments as part of PMML models, external queries, and docx file templates for Outgoing Channel Configurations. This vulnerability has been addressed.
CVEID: CVE-2023-29469
**DESCRIPTION:** GNOME libxml2 is vulnerable to a denial of service, caused by a double free flaw in the xmlDictComputeFastKey function that occurs when hashing empty strings that are not null-terminated. By persuading a victim to open specially crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/253143 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
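The description above turns on hashing an empty string that is not null-terminated. The following added example is a simplified C model written for this page, not libxml2 source and not IBM code; the function names, seed and sample buffer are hypothetical. It shows why reading the first byte of a zero-length slice gives inconsistent keys, and the length check that prevents it.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a length-based dictionary hash; hypothetical code,
 * not libxml2 source. Names are (pointer, length) slices of a parse buffer
 * and are therefore not null-terminated. */
typedef unsigned long (*key_fn)(const unsigned char *, int, unsigned long);

/* Flawed: mixes in name[0] before looking at len, so an empty slice is
 * keyed on whatever byte happens to follow it in the buffer. */
static unsigned long fast_key_flawed(const unsigned char *name, int len,
                                     unsigned long seed) {
    unsigned long value = seed;
    if (name == NULL) return 0;
    value += name[0];                 /* wrong when len == 0 */
    value <<= 5;
    for (int i = 1; i < len; i++) value += name[i];
    return value;
}

/* Hardened: an empty slice contributes no bytes; its key depends only on
 * the seed. */
static unsigned long fast_key_hardened(const unsigned char *name, int len,
                                       unsigned long seed) {
    unsigned long value = seed;
    if (name == NULL || len <= 0) return value;
    value += name[0];
    value <<= 5;
    for (int i = 1; i < len; i++) value += name[i];
    return value;
}

/* Returns 1 when two empty slices at different buffer offsets get the same
 * key, which a dictionary needs in order to treat them as one entry. */
static int empty_keys_agree(key_fn key) {
    /* Constructed sample input: two empty attribute values. */
    static const unsigned char buf[] = "a=\"\" b=''/>";
    const unsigned char *first = buf + 3;   /* next byte is a double quote */
    const unsigned char *second = buf + 8;  /* next byte is a single quote */
    return key(first, 0, 42UL) == key(second, 0, 42UL);
}

int main(void) {
    printf("flawed agrees:   %d\n", empty_keys_agree(fast_key_flawed));
    printf("hardened agrees: %d\n", empty_keys_agree(fast_key_hardened));
    return 0;
}
```

When the same empty string can land under different keys, a dictionary that interns strings no longer has a single owner for each entry, which is the kind of inconsistency that ends in memory errors such as the double free named above.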
Affected Product(s) | Version(s) |
---|---|
IBM Safer Payments | 6.1.0.00 and above, 6.2.0.00 and above, 6.3.0.00 - 6.3.1.04, 6.4.0.00 - 6.4.2.03, 6.5.0.00 - 6.5.0.01 |
Update IBM Safer Payments to version 6.3.1.05, 6.4.2.04, 6.5.0.02, or higher.
Refer to the IBM Safer Payments documentation to download the updates.
Do not use PMML models, external queries, and docx file templates for Outgoing Channel Configurations.
CPE name | Operator | Version |
---|---|---|
ibm safer payments | eq | 6.1 |
ibm safer payments | eq | 6.2 |
ibm safer payments | eq | 6.3 |
ibm safer payments | eq | 6.4 |
ibm safer payments | eq | 6.5 |