Enhancement: cves/2020/CVE-2020-4463.yaml by mp
parent
d38c7c18f8
commit
965439f661
|
@ -1,12 +1,12 @@
|
|||
id: CVE-2020-4463
|
||||
|
||||
info:
|
||||
name: IBM Maximo Asset Management Information Disclosure via XXE
|
||||
name: IBM Maximo Asset Management Information Disclosure -XML External Entity Injection
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: |
|
||||
IBM Maximo Asset Management is vulnerable to an
|
||||
XML External Entity Injection (XXE) attack when processing XML data.
|
||||
XML external entity injection (XXE) attack when processing XML data.
|
||||
A remote attacker could exploit this vulnerability to expose
|
||||
sensitive information or consume memory resources.
|
||||
reference:
|
||||
|
@ -14,6 +14,7 @@ info:
|
|||
- https://github.com/Ibonok/CVE-2020-4463
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/181484
|
||||
- https://www.ibm.com/support/pages/node/6253953
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-4463
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
|
||||
cvss-score: 8.2
|
||||
|
@ -44,3 +45,5 @@ requests:
|
|||
- "QueryMXPERSONResponse"
|
||||
- "MXPERSONSet"
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/06/28
|
||||
|
|
Loading…
Reference in New Issue