Cyber Resilience

CVE-2024-54171

High

Published: 06 February 2025

Published
06 February 2025
Modified
07 July 2025
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
EPSS Score 0.0003 9.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-54171 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Ibm Entirex. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 9.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).

Deeper analysis

IBM EntireX 11.1 is vulnerable to CVE-2024-54171, an XML external entity (XXE) injection flaw classified under CWE-611. This vulnerability arises during the processing of XML data, enabling potential injection of external entities that could lead to unauthorized data access or resource exhaustion.

An authenticated attacker with low privileges (PR:L) can exploit this issue remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Exploitation yields high confidentiality impact through sensitive information disclosure, alongside low availability impact via memory resource consumption, without affecting integrity or scope (S:U), as reflected in the CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L).

IBM has issued a security advisory at https://www.ibm.com/support/pages/node/7182693, published on 2025-02-06, which provides details on the vulnerability and recommended mitigation actions.

EU & UK References

Vulnerability details

IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

XXE flaw (CWE-611) directly enables remote exploitation of the application for data access (T1190) and local file/system data retrieval (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-49781Same product: Linux Linux Kernel
CVE-2024-52363Same product: Linux Linux Kernel
CVE-2024-41763Same product: Linux Linux Kernel
CVE-2024-41767Same product: Linux Linux Kernel
CVE-2023-47160Same product: Microsoft Windows
CVE-2025-14974Same product: Linux Linux Kernel
CVE-2026-8855Same product: Linux Linux Kernel
CVE-2024-38337Same product: Linux Linux Kernel
CVE-2026-8834Same product: Linux Linux Kernel
CVE-2026-1567Same vendor: Ibm

Affected Assets

ibm
entirex
11.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely identification, reporting, and correction of flaws like CVE-2024-54171 through patching as advised by IBM.

prevent

SI-10 mandates validation of XML inputs to block external entity injection and prevent sensitive information disclosure or resource exhaustion.

prevent

CM-6 enforces secure configuration settings for XML parsers in IBM EntireX to disable external entity processing and mitigate XXE.

References