Rewterz Threat Advisory - CVE-2020-4481 - IBM UrbanCode Deploy XML external entity injection

Rewterz Threat Advisory – NETGEAR R6700v3 code execution

August 6, 2020

Rewterz Threat Alert – TA505 August 2020 Campaign

August 6, 2020

Rewterz Threat Advisory – CVE-2020-4481 – IBM UrbanCode Deploy XML external entity injection

Severity

High

Analysis Summary

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Impact

Information disclosure

Affected Vendors

IBM

Affected Products

IBM UrbanCode Deploy 6.2.7.3
IBM UrbanCode Deploy 7.0.3.0
IBM UrbanCode Deploy 7.0.4.0
IBM UrbanCode Deploy 6.2.7.4

Remediation

Refer to IBM Security Bulletin 6256128 for patch, upgrade or suggested workaround information.

IBM Security Bulletin 6256128 (UrbanCode Deploy)

Rewterz Annual Threat Intelligence Report 2025 - Download Now

Rewterz Threat Advisory – CVE-2020-4481 – IBM UrbanCode Deploy XML external entity injection

Severity

Analysis Summary

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan