CVE-2020-4643XML External Entity (XXE) Injection in IBM Websphere Application Server

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 42.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedSep 21
Latest updateMay 24

Description

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDibm/websphere_application_server7.0.0.07.0.0.45+3
CVEListV5ibm/websphere_application_server4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-j62j-249h-8r55: IBM WebSphere Application Server 72022-05-24
CVEList
CVE-2020-4643: IBM WebSphere Application Server 72020-09-21
CVE-2020-4643 — XML External Entity (XXE) Injection | cvebase