Lucene search
IBMA2DE05E412B7035638B34D8EB6B98386D6D00CA72BD8F80C09141A25B1FCFC3CHistoryOct 28, 2020 - 5:51 p.m.
Security Bulletin: Embedded WebSphere Application Server Traditional is vulnerable to an information disclosure vulnerability affects Content Collector for Email
2020-10-2817:51:19
www.ibm.com
12
ibm
websphere
xxe attack
content collector
email
vulnerability
4.0.0
xxe
information disclosure
EPSS
0.001
Percentile
47.7%
Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information.
Vulnerability Details
CVEID:CVE-2020-4643
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185590 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Content Collector for Email | 4.0.0 |
| Content Collector for Email | 4.0.x |
Remediation/Fixes
| Product | VRM | Remediation |
|---|---|---|
| Content Collector for Email | 4.0.1 | Use Content Collector for Email 4.0.1.9 Interim Fix IF007 |
Workarounds and Mitigations
None
Related
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management 11.6
2022-04-27 10:23:01
nessus
nessus
cvelist
cvelist
CVE-2020-4643
2020-09-21 17:10:13
prion
prion
Xxe
2020-09-21 17:15:00
nvd
nvd
CVE-2020-4643
2020-09-21 17:15:13
cve
cve
CVE-2020-4643
2020-09-21 17:15:13
EPSS
0.001
Percentile
47.7%
Related for A2DE05E412B7035638B34D8EB6B98386D6D00CA72BD8F80C09141A25B1FCFC3C