IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/181482 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/pages/node/6249317 | Vendor Advisory |
https://www.ibm.com/support/pages/node/6249331 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-07-16 08:15
Updated : 2020-07-22 08:37
NVD link : CVE-2020-4462
Mitre link : CVE-2020-4462
JSON object : View
CWE
CWE-611
Improper Restriction of XML External Entity Reference
Products Affected
ibm
- sterling_external_authentication_server
- sterling_secure_proxy