SB2025052029 - Multiple vulnerabilities in IBM Voice Gateway

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025052029

SB2025052029 - Multiple vulnerabilities in IBM Voice Gateway

Published: May 20, 2025

Security Bulletin ID SB2025052029
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) XML injection (CVE-ID: CVE-2024-47113)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when processing XML data. A remote unauthenticated attacker can pass specially crafted XML data to the application and perform arbitrary actions on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Information disclosure (CVE-ID: CVE-2023-50314)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can use a certificate issued by a trusted authority to obtain sensitive information.


Remediation

Install update from vendor's website.

References