| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| Security Bulletin: IBM Maximo Asset Management is vulnerable to Information Disclosure (CVE-2020-4463) | 22 Jul 202218:19 | – | ibm | |
| Exploit for Improper Restriction of XML External Entity Reference in Ibm Maximo_Asset_Management | 13 Aug 202009:03 | – | githubexploit | |
| CVE-2020-4463 | 8 Dec 202011:03 | – | circl | |
| IBM Maximo Asset Management Information Disclosure Vulnerability (CNVD-2020-44620) | 30 Jul 202000:00 | – | cnvd | |
| CVE-2020-4463 | 29 Jul 202014:05 | – | cve | |
| CVE-2020-4463 | 29 Jul 202014:05 | – | cvelist | |
| CVE-2020-4463 | 29 Jul 202014:15 | – | nvd | |
| Xxe | 29 Jul 202014:15 | – | prion | |
| PT-2020-18079 · Ibm · Ibm Maximo Asset Management | 29 Jul 202000:00 | – | ptsecurity | |
| VulnCheck KEV: CVE-2020-4463 | 22 Jan 202400:00 | – | vulncheck_kev |
id: CVE-2020-4463
info:
name: IBM Maximo Asset Management Information Disclosure - XML External Entity Injection
author: dwisiswant0
severity: high
description: |
IBM Maximo Asset Management is vulnerable to an
XML external entity injection (XXE) attack when processing XML data.
A remote attacker could exploit this vulnerability to expose
sensitive information or consume memory resources.
impact: |
The vulnerability can lead to unauthorized access to sensitive information or a denial of service.
remediation: |
Apply the latest security patches or updates provided by IBM to mitigate the vulnerability.
reference:
- https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463
- https://github.com/Ibonok/CVE-2020-4463
- https://exchange.xforce.ibmcloud.com/vulnerabilities/181484
- https://www.ibm.com/support/pages/node/6253953
- https://nvd.nist.gov/vuln/detail/CVE-2020-4463
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
cvss-score: 8.2
cve-id: CVE-2020-4463
cwe-id: CWE-611
epss-score: 0.3159
epss-percentile: 0.98075
cpe: cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: ibm
product: maximo_asset_management
shodan-query: http.favicon.hash:-399298961
fofa-query: icon_hash=-399298961
tags: cve,cve2020,ibm,xxe,disclosure,vkev,vuln
http:
- method: POST
path:
- "{{BaseURL}}/os/mxperson"
- "{{BaseURL}}/meaweb/os/mxperson"
body: |
<?xml version='1.0' encoding='UTF-8'?>
<max:QueryMXPERSON xmlns:max='http://www.ibm.com/maximo'>
<max:MXPERSONQuery></max:MXPERSONQuery>
</max:QueryMXPERSON>
headers:
Content-Type: "application/xml"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "QueryMXPERSONResponse"
- "MXPERSONSet"
- type: word
part: header
words:
- "application/xml"
# digest: 4a0a00473045022002e8e776d1329d34e0e723207009861d57b87817183bd0fc4f00d6cdff2850b102210084bda9d30f5bb2a74bf5efdbdbfcbf59d2c24813b3fe5ae82f19ed77c1b1ea5f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation