Description
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data that the codeBeamer ALM application uses to import projects is parsed by insecurely configured software components, which can be abused for XML External Entity (XXE) attacks.
References (2)
Core References
Product, Vendor Advisory x_refsource_misc
https://intland.com/codebeamer/application-lifecycle-management/
Exploit, Third Party Advisory x_refsource_misc
https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt
Scores
CVSS v3: 5.5
EPSS: 0.0091
EPSS Percentile: 55.1%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE: CWE-611
Status: published
Products (2)
intland/codebeamer 10.1.0 (5 CPE variants)
intland/codebeamer 10.0.0 - 10.1.0
Published: Dec 07, 2020
Tracked Since: Feb 18, 2026