CVE-2020-4463 PoC — IBM Maximo Asset Management 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-4463.yaml

Associated Vulnerability

Title:IBM Maximo Asset Management 代码问题漏洞 (CVE-2020-4463)
Description:IBM Maximo Asset Management是美国IBM公司的一套综合性资产生命周期和维护管理解决方案。该方案能够在一个平台上管理所有类型的资产，如设施、交通运输等，并对这些资产实现单点控制。 IBM Maximo Asset Management 7.6.0版本和7.6.1版本中存在代码问题漏洞，该漏洞源于程序没有正确处理XML外部实体。远程攻击者可利用该漏洞泄露敏感信息或消耗内存资源。

Description

IBM Maximo Asset Management is vulnerable to an
XML external entity injection (XXE) attack when processing XML data.
A remote attacker could exploit this vulnerability to expose
sensitive information or consume memory resources.

File Snapshot


 id: CVE-2020-4463

info:
  name: IBM Maximo Asset Management Information Disclosure - XML External E

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!