CVE-2020-4300: XEE
First published: Mon May 31 2021(Updated: )
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Analytics | =11.0.0 | |
| IBM Cognos Analytics | =11.1.0 | |
| NetApp OnCommand Insight |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2020-4300.
What is the title of this vulnerability?
The title of this vulnerability is 'IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack'.
What is the severity rating of CVE-2020-4300?
The severity rating of CVE-2020-4300 is high.
What is the affected software for this vulnerability?
The affected software for this vulnerability is IBM Cognos Analytics 11.0 and 11.1.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by conducting an XML External Entity Injection (XXE) attack when processing XML data.
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/remedy
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/11.0.0
- version/ibm cognos analytics/11.1.0
- vendor/netapp
- canonical/netapp oncommand insight