commit
33c36b045e
|
@ -0,0 +1,41 @@
|
|||
id: cve-2020-4463
|
||||
|
||||
info:
|
||||
name: IBM Maximo Asset Management Information Disclosure via XXE
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: |
|
||||
IBM Maximo Asset Management is vulnerable to an
|
||||
XML External Entity Injection (XXE) attack when processing XML data.
|
||||
A remote attacker could exploit this vulnerability to expose
|
||||
sensitive information or consume memory resources.
|
||||
|
||||
References:
|
||||
- https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463
|
||||
- https://github.com/Ibonok/CVE-2020-4463
|
||||
|
||||
# This is detection template, use the referenced poc for the exploitation.
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
path:
|
||||
- "{{BaseURL}}/os/mxperson"
|
||||
- "{{BaseURL}}/meaweb/os/mxperson"
|
||||
body: |
|
||||
<?xml version='1.0' encoding='UTF-8'?>
|
||||
<max:QueryMXPERSON xmlns:max='http://www.ibm.com/maximo'>
|
||||
<max:MXPERSONQuery></max:MXPERSONQuery>
|
||||
</max:QueryMXPERSON>
|
||||
headers:
|
||||
Content-Type: application/xml
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "application/xml"
|
||||
part: header
|
||||
- type: word
|
||||
words:
|
||||
- "QueryMXPERSONResponse"
|
||||
- "MXPERSONSet"
|
||||
part: body
|
Loading…
Reference in New Issue