IBM2453E0300F1F31552E678A51087092AFDC2EDB636AC23FD3221FB4C98A4DBB71Security Bulletin: XML External Entity Injection (XXE) Vulnerability Affects IBM Secure External Authentication Server (CVE-2020-4462)
0.003 Low
EPSS
Percentile
69.9%
Summary
An XXE vulnerability was addressed by IBM Secure External Authentication Server.
Vulnerability Details
CVEID:CVE-2020-4462
**DESCRIPTION:**IBM Sterling External Authentication Server and IBM Sterling Secure Proxy is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181482 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Sterling External Authentication Server | 2.4.2 |
| IBM External Authentication Server | 6.0 |
| IBM External Authentication Server 6.0.1 | 6.0.1 |
| IBM Sterling External Authentication Server | 2.4.3.2 |
Remediation/Fixes
Product
|
VRMF
|
iFix
|
Remediation/First Fix
—|—|—|—
IBM Secure External Authentication Server
|
6.0.1.1
|
GA
|
IBM Secure External Authentication Server
|
6.0.0.1
|
iFix 4
|
IBM Sterling External Authentication Server
|
2.4.3.2
|
iFix 8
|
IBM Sterling External Authentication Server
|
2.4.2.0
|
iFix 17
|
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm sterling secure proxy | eq | 6.0.1 | |
| ibm sterling secure proxy | eq | 6.0.0 | |
| ibm sterling secure proxy | eq | 2.4.3 | |
| ibm sterling secure proxy | eq | 2.4.2 |
Related
0.003 Low
EPSS
Percentile
69.9%