Merge pull request #667 from dwisiswant0/add/CVE-2020-4463

Add CVE-2020-4463
2020-12-07 20:31:05 +05:30 · 2020-12-07 20:31:05 +05:30 · 33c36b045e
parent c199fc988d dd077a0300
commit 33c36b045e
1 changed files with 41 additions and 0 deletions
--- a/cves/CVE-2020-4463.yaml
+++ b/cves/CVE-2020-4463.yaml
@ -0,0 +1,41 @@
+id: cve-2020-4463
+
+info:
+  name: IBM Maximo Asset Management Information Disclosure via XXE
+  author: dwisiswant0
+  severity: high
+  description: |
+    IBM Maximo Asset Management is vulnerable to an
+    XML External Entity Injection (XXE) attack when processing XML data.
+    A remote attacker could exploit this vulnerability to expose
+    sensitive information or consume memory resources.
+
+    References:
+    - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463
+    - https://github.com/Ibonok/CVE-2020-4463
+
+  # This is detection template, use the referenced poc for the exploitation.
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/os/mxperson"
+      - "{{BaseURL}}/meaweb/os/mxperson"
+    body: |
+      <?xml version='1.0' encoding='UTF-8'?>
+      <max:QueryMXPERSON xmlns:max='http://www.ibm.com/maximo'>
+        <max:MXPERSONQuery></max:MXPERSONQuery>
+      </max:QueryMXPERSON>
+    headers:
+      Content-Type: application/xml
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "application/xml"
+        part: header
+      - type: word
+        words:
+          - "QueryMXPERSONResponse"
+          - "MXPERSONSet"
+        part: body