CVE-2020-26513 Information
Jun 07, 2022
Description
An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codeBeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity (XXE) attacks.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Reference
https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt
https://intland.com/codebeamer/application-lifecycle-management/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
5.5
Base Severity
MEDIUM