An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The ReqIF XML data, used by the codebeamer ALM application to import projects, is parsed by insecurely configured software components, which can be abused for XML External Entity Attacks.
References
Link | Resource |
---|---|
https://compass-security.com/fileadmin/Research/Advisories/2020-09_CSNC-2020-008_Intland_codeBeamer_ALM_XXE.txt | Exploit Third Party Advisory |
https://intland.com/codebeamer/application-lifecycle-management/ | Product Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Oct 2023, 19:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp3:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:*:*:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:-:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp4:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp2:*:*:*:*:*:* |
cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:* cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:* |
First Time |
Intland codebeamer
|
Information
Published : 2020-12-07 16:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-26513
Mitre link : CVE-2020-26513
CVE.ORG link : CVE-2020-26513
JSON object : View
Products Affected
intland
- codebeamer
CWE
CWE-611
Improper Restriction of XML External Entity Reference