CVE-2020-4772: XEE
First published: Thu Oct 08 2020(Updated: )
An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Curam Social Program Management | =7.0.9.0 | |
| IBM Curam Social Program Management | =7.0.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-4772.
What is the severity of CVE-2020-4772?
The severity of CVE-2020-4772 is high with a CVSS score of 8.1.
Which software versions are affected by this vulnerability?
IBM Curam Social Program Management versions 7.0.9 and 7.0.10 are affected by this vulnerability.
What is an XML External Entity Injection (XXE) vulnerability?
An XML External Entity Injection (XXE) vulnerability allows an attacker to manipulate XML input files to disclose internal files, perform remote requests, or consume excessive resources.
How can this vulnerability be exploited?
A remote attacker can exploit this vulnerability to expose sensitive information, perform denial of service attacks, conduct server side request forgery, or consume memory resources.
- collector/nvd-index
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/ibm
- canonical/ibm curam social program management
- version/ibm curam social program management/7.0.9.0
- version/ibm curam social program management/7.0.10.0