IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/181482 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6249317 | Vendor Advisory |
https://www.ibm.com/support/pages/node/6249331 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2020-07-15T00:00:00
Updated: 2020-07-16T15:05:35
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4462
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-16T15:15:28.080
Modified: 2020-07-22T15:37:50.827
Link: CVE-2020-4462
JSON object: View
Redhat Information
No data.
CWE