CyberSec.Space Logo
Back to CVE Browser

CVE-2020-4481

HIGH
8.2
CVSS Severity Score
EPSS Score0.1010%
EPSS Percentile24.25th
PublishedAug 5, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181848.

Affected Platforms (CPE)

πŸ“¦
Ibm

Urbancode Deploy

= 6.2.7.3
πŸ“¦
Ibm

Urbancode Deploy

= 6.2.7.4
πŸ“¦
Ibm

Urbancode Deploy

= 7.0.3.0
πŸ“¦
Ibm

Urbancode Deploy

= 7.0.4.0

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/181848
πŸ”— https://www.ibm.com/support/pages/node/6256128
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/181848
πŸ”— https://www.ibm.com/support/pages/node/6256128

Related Vulnerabilities

CVE-2016-893810.0

IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the serve...

CVE-2020-42028.8

IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is conf...

CVE-2016-02718.2

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's id...

CVE-2017-11498.1

IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE...