CVE-2020-4481

Опубликовано: 05 авг. 2020

Источник: nvd

CVSS3: 8.2

CVSS2: 6.4

EPSS Низкий

Описание

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/181848
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6256128
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/181848
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6256128
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:urbancode_deploy:6.2.7.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:urbancode_deploy:6.2.7.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:urbancode_deploy:7.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:urbancode_deploy:7.0.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00427

Низкий

8.2 High

CVSS3

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-fcjh-xxf4-45hh

github

больше 3 лет назад

EPSS

Процентиль: 62%

0.00427

Низкий

8.2 High

CVSS3

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-611