CVE-2020-4462

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
ibmCNA
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.0/S:U/AC:L/I:N/A:L/C:H/UI:N/PR:N/AV:N/RC:C/E:U/RL:O
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
ibmsterling_external_authentication_server
2.4.2.0
ibmsterling_external_authentication_server
2.4.3.2
ibmsterling_external_authentication_server
6.0.0.0
ibmsterling_external_authentication_server
6.0.1.0
ibmsterling_secure_proxy
3.4.2.0
ibmsterling_secure_proxy
3.4.3.0
ibmsterling_secure_proxy
6.0.0.0
ibmsterling_secure_proxy
6.0.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/181482
https://www.ibm.com/support/pages/node/6249317
https://www.ibm.com/support/pages/node/6249331
https://exchange.xforce.ibmcloud.com/vulnerabilities/181482
https://www.ibm.com/support/pages/node/6249317
https://www.ibm.com/support/pages/node/6249331