Skip to main content

Entirex CVE-2024-54171

HIGH
Improper Restriction of XML External Entity Reference (CWE-611)
2025-02-06 psirt@us.ibm.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:25 vuln.today
CVE Published
Feb 06, 2025 - 21:15 nvd
HIGH 7.1

DescriptionCVE.org

IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

AnalysisAI

IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as XML External Entity (XXE) (CWE-611), which allows attackers to read arbitrary files or perform SSRF through XML processing. IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources. Affected products include: Ibm Entirex.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Disable external entity processing in XML parsers, use JSON instead of XML where possible.

CVE-2024-54169 MEDIUM
6.5 Feb 27

IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. Rated medium severity (CVS

CVE-2025-0158 MEDIUM
5.5 Feb 06

IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. Ra

CVE-2024-54170 MEDIUM
5.5 Feb 27

IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an ineffi

CVE-2024-56812 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56811 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56810 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56496 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56495 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56494 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2024-56493 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

CVE-2025-0759 LOW
3.3 Feb 27

IBM EntireX 11.1 could allow a local user to unintentionally modify data timestamp integrity due to improper shared reso

CVE-2024-56467 LOW
3.3 Feb 06

IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is ret

Share

CVE-2024-54171 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy