This document will explain about the XML External Entity (XXE) (CVE-2020-8540) vulnerability on agent servlet, which was reported by kalimer0x00.
The server parses XML input from the agent periodically to process the data. This attack occurs when there is a reference to external entity, which might be malicious, in the XML file. This may lead to unintended operations and may crash the server.
This was identified and fixed on 07-Mar-2020. This fix is updated in build 10.0.479 and above. To apply this fix, follow the steps below:
Keywords: Security Updates, XML External Entity, XXE, Vulnerabilities and Fixes.