Aug 31, 2020 - 9:38 p.m.

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - dom4j (CVE-2020-10683)

www.ibm.com

EPSS: 0.007 (percentile: 79.9%)

Summary

dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.

Vulnerability Details

**CVEID:** CVE-2020-10683
**DESCRIPTION:** dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
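
In code that calls dom4j directly, the XXE class of flaw described above is closed by configuring the parser to reject DOCTYPE declarations and external entities. The following is an added example, not IBM's or the dom4j project's code and not a workaround for Resilient itself; the class name `HardenedDom4jParser`, its method names and the sample XML strings are constructed for illustration, and it assumes dom4j on the classpath with the JDK's default JAXP parser.

```java
import java.io.StringReader;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.io.SAXReader;
import org.xml.sax.SAXException;

// Hypothetical helper class (not part of dom4j or IBM Resilient).
public final class HardenedDom4jParser {

    // Build a SAXReader that refuses DOCTYPE declarations outright and,
    // as defence in depth, disables external entity and DTD loading.
    static SAXReader newHardenedReader() throws SAXException {
        SAXReader reader = new SAXReader();
        reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
        reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return reader;
    }

    // Parse XML from an untrusted source with the hardened reader.
    static Document parseUntrusted(String xml) throws SAXException, DocumentException {
        return newHardenedReader().read(new StringReader(xml));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs: one plain document, one carrying a DOCTYPE
        // with a harmless internal entity to exercise the rejection path.
        String plain = "<incident><id>1</id></incident>";
        String withDoctype =
            "<!DOCTYPE incident [<!ENTITY e \"x\">]><incident>&e;</incident>";

        System.out.println("Parsed root: "
            + parseUntrusted(plain).getRootElement().getName());
        try {
            parseUntrusted(withDoctype);
            System.out.println("DOCTYPE accepted: reader is not hardened");
        } catch (DocumentException e) {
            // dom4j wraps the parser's SAXParseException in DocumentException.
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```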

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Resilient OnPrem | IBM Security SOAR |

Remediation/Fixes

Users must upgrade to v38.0 of IBM Resilient in order to obtain a fix for this vulnerability.

You can upgrade the platform by following the instructions in the “Upgrade Procedure” section in the IBM Knowledge Center.

Workarounds and Mitigations

None