CVE-2020-4463

High

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A…

ibm·CWE-611·Published 2020-07-29

CVSS

8.2

EPSS

0.32

KEV

Exploits

cve.orgen

272 chars

IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181484.

NVDen

272 chars

NVDes

295 chars

IBM Maximo Asset Management versiones 7.6.0.1 y 7.6.0.2, es vulnerable a un ataque de Inyección de XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información confidencial o consumir recursos de memoria. IBM X-Force ID: 181484

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P
3.0	Primary	cve.org	8.2	—	—	CVSS:3.0/S:U/PR:N/UI:N/AV:N/I:N/C:H/AC:L/A:L/RL:O/RC:C/E:U