CVE-2020-26513

EUVD-2020-19060
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
intlandcodebeamer
10.0.0 ≤
𝑥
< 10.1.0
intlandcodebeamer
10.1.0
intlandcodebeamer
10.1.0:sp1
intlandcodebeamer
10.1.0:sp2
intlandcodebeamer
10.1.0:sp3
intlandcodebeamer
10.1.0:sp4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt
https://intland.com/codebeamer/application-lifecycle-management/
https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt
https://intland.com/codebeamer/application-lifecycle-management/