CVE-2020-4377: XXE
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 179156.
Other sources
IBM Cognos Analytics is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-4377.
What is the severity of CVE-2020-4377?
The severity of CVE-2020-4377 is critical with a CVSS score of 9.1.
What is the affected software?
The affected software is IBM Cognos Analytics 11.0 and 11.1.
How does the vulnerability affect the affected software?
The vulnerability allows for an XML External Entity Injection (XXE) attack when processing XML data in IBM Cognos Analytics 11.0 and 11.1.
What is the potential impact of the vulnerability?
The potential impact of the vulnerability is exposure of sensitive information or consumption of memory resources by a remote attacker.