Vulnerabilities > CVE-2020-14204 - XXE vulnerability in IBI Webfocus Business Intelligence 8.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |