Vulnerability CVE-2020-4462


Published: 2020-07-16

Description:
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.

Type:
CWE-611 (Information Exposure Through XML External Entity Reference)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: Partial

Affected software:
IBM -> Sterling External Authentication Server
IBM -> Sterling Secure Proxy

References:
https://exchange.xforce.ibmcloud.com/vulnerabilities/181482
https://www.ibm.com/support/pages/node/6249317
https://www.ibm.com/support/pages/node/6249331

Copyright 2024, cxsecurity.com

 
