Primary

Context

IBM ICP Voice Gateway XML Injection Vulnerability

Vulnerability

A vulnerability allowing XML injection has been identified in multiple versions of IBM ICP - Voice Gateway, specifically in versions 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.7.1, and 1.0.8. This vulnerability could enable a remote attacker to send specially crafted XML statements, potentially allowing them to view or modify information within the XML document.

Impact

Exploitation of this vulnerability could lead to unauthorized viewing or modification of XML document information.

Remediation

Users are advised to upgrade to IBM Voice Gateway version 1.0.8.x. The updated images are available as 'ibmcom/voice-gateway-so:1.0.8.17' and 'ibmcom/voice-gateway-sms:1.0.8.14'.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM ICP Voice Gateway XML Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating