CVE-2020-4462
HIGH
IBM Sterling External Authentication Server and Sterling Secure Proxy - XML External Entity Injection
IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 181482.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6249331
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6249317
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/181482
Scores
CVSS v3
8.2
EPSS
0.0325
EPSS Percentile
86.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Details
CWE
CWE-611
Status
published
Products (8)
ibm/sterling_external_authentication_server
2.4.2.0
ibm/sterling_external_authentication_server
2.4.3.2
ibm/sterling_external_authentication_server
6.0.0.0
ibm/sterling_external_authentication_server
6.0.1.0
ibm/sterling_secure_proxy
3.4.2.0
ibm/sterling_secure_proxy
3.4.3.0
ibm/sterling_secure_proxy
6.0.0.0
ibm/sterling_secure_proxy
6.0.1.0
Published
Jul 16, 2020
Tracked Since
Feb 18, 2026