CyberSec.Space Logo
Back to CVE Browser

CVE-2020-4772

HIGH
8.1
CVSS Severity Score
EPSS Score0.0210%
EPSS Percentile9.19th
PublishedOct 12, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery or consume memory resources. IBM X-Force ID: 189150.

Affected Platforms (CPE)

πŸ“¦
Ibm

Curam Social Program Management

= 7.0.9.0
πŸ“¦
Ibm

Curam Social Program Management

= 7.0.10.0

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/189150
πŸ”— https://www.ibm.com/support/pages/node/6344069
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/189150
πŸ”— https://www.ibm.com/support/pages/node/6344069

Related Vulnerabilities

CVE-2016-61119.1

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection ...

CVE-2014-89038.8

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authent...

CVE-2020-49428.8

IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to cross-site request forgery which could allow an attacker to ...

CVE-2020-47798.1

A HTTP Verb Tampering vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. By sending a specially-crafte...