6.4
CVSSv2

CVE-2020-4463

Published: 29/07/2020 Updated: 30/07/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484.

Vulnerability Trend

Github Repositories

IBM Maximo Asset Management is vulnerable to Information Disclosure via XXE Vulnerability (CVE-2020-4463)

IBM Maximo Asset Management is vulnerable to Information Disclosure via XXE Vulnerability (CVE-2020-4463) IBM Maximo Asset Management is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources Base Score: 82 Vector: CVSS:31/AV:N/AC:L/PR

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmentercc, there is possible out of bounds write due to an incorrect bounds calculation This could lead to remote code execution over Bluetooth with no additional execution privileges needed User interaction is not needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Andr