Vulnerability in IBM External Authentication Server

CVE-2020-4462

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote at…

EPSS: 0.010 (77.1th percentile).

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C.

Frequently asked questions

What is CVE-2020-4462?
CVE-2020-4462 is a high-severity vulnerability in IBM External Authentication Server. CVSS score: 8.2/10. Published 2020-07-16.
How severe is CVE-2020-4462?
High severity. CVSS v3 base score is 8.2 out of 10.