History: Aug 04, 2020 - 6:54 p.m.

Security Bulletin: CVE-2020-4481 HTTP properties vulnerable to an XXE attack

2020-08-04 18:54:01
www.ibm.com

EPSS: 0.002 (percentile: 52.4%)

Summary

HTTP properties are vulnerable to an XXE attack. This could allow files from the server host to be extracted.

Vulnerability Details

**CVEID:** CVE-2020-4481
**DESCRIPTION:** IBM UrbanCode Deploy (UCD) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181848 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| UCD - IBM UrbanCode Deploy | 6.2.7.4 |
| UCD - IBM UrbanCode Deploy | 6.2.7.3 |
| UCD - IBM UrbanCode Deploy | 7.0.4.0 |
| UCD - IBM UrbanCode Deploy | 7.0.3.0 |
| UCD - IBM UrbanCode Deploy | All |

Remediation/Fixes

Upgrade to 6.2.7.8, 7.0.5.3, 7.1.0.1 or later

Workarounds and Mitigations

None
