CVE-2020-4463


CVSS 8.2 HIGH | EPSS 31.6%

In short

IBM Maximo Asset Management versions 7.6.0.1 and 7.6.0.2 have a weakness that allows attackers to inject malicious XML code, which can leak sensitive company data or exhaust system memory resources.

Technical detail

The application fails to properly validate and disable external entity processing in XML parsers, allowing a remote attacker to craft malicious XML payloads that trigger XXE attacks, leading to information disclosure or denial of service through resource exhaustion.

Summary generated and translated by AI from the official description.

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484.

CVSS:3.0/S:U/PR:N/UI:N/AV:N/I:N/C:H/AC:L/A:L/RL:O/RC:C/E:U
