CVE-2020-4772: An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this…

high8.1CVSS 3.1

AVNACLPRLUINSUCHINAH

An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150.

Affected

4 ranges

Vendor	Product	Version range	Fixed in
ibm	curam_social_program_management	—	—
ibm	curam_social_program_management	—	—
ibm	curam_spm	—	—
ibm	curam_spm	—	—