CVE-2020-4377

Name of the Vulnerable Software and Affected Versions IBM Cognos Analytics versions 11.0 through 11.1

Description The issue allows a remote attacker to expose sensitive information or consume memory resources through an XML External Entity Injection (XXE) attack when processing XML data.

Recommendations For versions 11.0 and 11.1, update to a version that includes a fix for this issue to prevent XXE attacks. As a temporary workaround, consider restricting the processing of external XML entities to minimize the risk of exploitation.