An XXE vulnerability was addressed by IBM Secure Proxy.
CVEID: CVE-2020-4462
**DESCRIPTION:** IBM Sterling External Authentication Server and IBM Sterling Secure Proxy are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181482 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Secure Proxy | 6.0 |
IBM Secure Proxy 6.0.1 | 6.0.1 |
IBM Sterling Secure Proxy | 3.4.3.2 |
IBM Sterling Secure Proxy | 3.4.2 |
Product | VRMF | iFix | Remediation/First Fix |
---|---|---|---|
IBM Secure Proxy | 6.0.1.1 | GA | |
IBM Secure Proxy | 6.0.0.1 | iFix 3 | |
IBM Sterling Secure Proxy | 3.4.3.2 | iFix 8 | |
IBM Sterling Secure Proxy | 3.4.2.0 | iFix 21 | |
None