CVE-2020-4772: XML External Entity (XXE) Injection in IBM Curam SPM

Severity: 8.1 HIGH (NVD)
EPSS: 0.5% (top 32.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 12; latest update May 24

Description

An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, cause a denial of service, perform server-side request forgery, or consume memory resources. IBM X-Force ID: 189150.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages (2 packages)

NVD: ibm/curam_social_program_management, versions 7.0.10.0, 7.0.9.0 (+1 more)
CVEListV5: ibm/curam_spm, versions 7.0.10, 7.0.9 (+1 more)

Vulnerability Details (2)

GHSA: GHSA-rv8h-4qm2-8qhc: An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7 (2022-05-24)
CVEList: CVE-2020-4772: An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7 (2020-10-12)