CVE-2020-4772

Name of the Vulnerable Software and Affected Versions IBM Curam Social Program Management versions 7.0.9 through 7.0.10

Description An XML External Entity Injection (XXE) issue may allow a remote attacker to expose sensitive information, cause denial of service, perform server-side request forgery, or consume memory resources.

Recommendations For versions 7.0.9 and 7.0.10, consider disabling XML external entities to prevent exploitation until a patch is available. Restrict access to sensitive information and monitor server resources to minimize the risk of denial of service or memory consumption.