XML External Entity (XXE) Vulnerability (CVE-2020-8540)

This document explains the XML External Entity (XXE) vulnerability (CVE-2020-8540) in the agent servlet, which was reported by kalimer0x00.

What was the problem?

The server periodically parses XML input from the agent to process the data. The attack occurs when the XML file contains a reference to an external entity, which may be malicious. This may lead to unintended operations and may crash the server.

How do I fix it?

This was identified and fixed on 07-Mar-2020. The fix is included in build 10.0.479 and above. To apply the fix, follow the steps below:

    1. Log in to your Desktop Central console and click your current build number in the top-right corner.
    2. Download the latest build that is applicable to you.

 

Keywords: Security Updates, XML External Entity, XXE, Vulnerabilities and Fixes.