CVE-2021-20492XML External Entity (XXE) Injection in IBM Websphere Application Server

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
8.2HIGHNVD
EPSS
0.3%
top 46.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedMay 26
Latest updateMay 24

Description

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:LExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

NVDibm/websphere_application_server8.0.0.08.0.0.15+3
CVEListV5ibm/websphere_application_server4 versions+3

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-g945-cxxh-jxh9: IBM WebSphere Application Server 82022-05-24
CVEList
CVE-2021-20492: IBM WebSphere Application Server 82021-05-26
CVE-2021-20492 — XML External Entity (XXE) Injection | cvebase