Rewterz Threat Advisory – CVE-2020-4481 – IBM UrbanCode Deploy XML external entity injection

August 6, 2020

Severity

High

Analysis Summary

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Impact

Information disclosure

Affected Vendors

IBM

Affected Products

IBM UrbanCode Deploy 6.2.7.3
IBM UrbanCode Deploy 7.0.3.0
IBM UrbanCode Deploy 7.0.4.0
IBM UrbanCode Deploy 6.2.7.4

Remediation

Refer to IBM Security Bulletin 6256128 for patch, upgrade or suggested workaround information.

IBM Security Bulletin 6256128 (UrbanCode Deploy)

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

ClickFix Scheme Used by Russian Hackers to Deploy Espionage Malware – Active IOCs

Cyber Threat Alert: Immediate Action Required on Existing APT Threat Indicators – Active IOCs

Tinba aka TinyBanker Trojan – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – NETGEAR R6700v3 code execution

Rewterz Threat Alert – TA505 August 2020 Campaign

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.