CVE-2020-4377: XEE
First published: Thu Jul 30 2020(Updated: )
IBM Cognos Anaytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cognos Analytics | =11.0.0 | |
| IBM Cognos Analytics | =11.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-4377.
What is the severity of CVE-2020-4377?
The severity of CVE-2020-4377 is critical with a CVSS score of 9.1.
What is the affected software?
The affected software is IBM Cognos Analytics 11.0 and 11.1.
How does the vulnerability affect the affected software?
The vulnerability allows for an XML External Entity Injection (XXE) attack when processing XML data in IBM Cognos Analytics 11.0 and 11.1.
What is the potential impact of the vulnerability?
The potential impact of the vulnerability is exposure of sensitive information or consumption of memory resources by a remote attacker.
- agent/type
- agent/references
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- vendor/ibm
- canonical/ibm cognos analytics
- version/ibm cognos analytics/11.0.0
- version/ibm cognos analytics/11.1.0