CVE-2020-4125Download of Code Without Integrity Check in IBM Marketing Operations

CWE-494Download of Code Without Integrity Check3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.1%
top 66.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Marketing Operations
Timeline
PublishedJul 20
Latest updateMay 24

Description

Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages1 packages

NVDibm/marketing_operations10.110.1.0.3+2

Patches

Patch: support.hcltechsw.comPatch: support.hcltechsw.com

🔴Vulnerability Details

2
GHSA
GHSA-3587-wxgr-vm9r: Using HCL Marketing Operations 92022-05-24
CVEList
CVE-2020-4125: Using HCL Marketing Operations 92020-07-20
CVE-2020-4125 — IBM Marketing Operations vulnerability | cvebase