nvd-json-data-feeds/CVE-2020/CVE-2020-265xx/CVE-2020-26513.json

{
  "id": "CVE-2020-26513",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-12-07T16:15:12.153",
  "lastModified": "2024-11-21T05:19:56.783",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Intland codeBeamer ALM versiones 10.xa 10.1.SP4. Los datos XML de ReqIF, usados por la aplicaci\u00f3n codebeamer ALM para importar proyectos, son analizados por componentes de software configurados de manera no segura, que pueden ser objeto de abuso para Ataques de tipo XML External Entity"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "baseScore": 4.3,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "10.0.0",
              "versionEndExcluding": "10.1.0",
              "matchCriteriaId": "3F3BE8BD-0868-4A50-BF06-BAE474BF5328"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A0128D1A-DA5B-49EE-ABC2-DA75EF2B5594"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "35461BDC-7A06-49AE-A528-DB6A986C9F14"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B32DF425-549F-4BEC-A7B6-F66CE063C878"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "8166F01E-B271-4491-B932-00BF843D2146"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "504110BC-FC0C-4A3F-824C-5BF4C573A792"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt",
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://intland.com/codebeamer/application-lifecycle-management/",
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://intland.com/codebeamer/application-lifecycle-management/",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ]
    }
  ]
}