CVE-2021-20482

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
7.1HIGH
EPSS
0.4%
top 41.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Cloud PAK FOR Automation
Timeline
PublishedMar 30
Latest updateMay 24

Description

IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5ibm/cloud_pak_for_automation20.0.2, 20.0.3.IF002+1
NVDibm/cloud_pak20.0.2, 20.0.3+1

🔴Vulnerability Details

2
GHSA
GHSA-w4f4-x37j-q6j2: IBM Cloud Pak for Automation 202022-05-24
CVEList
CVE-2021-20482: IBM Cloud Pak for Automation 202021-03-30
CVE-2021-20482 (HIGH CVSS 7.1) | IBM Cloud Pak for Automation 20.0.2 | cvebase.io