First published: Wed Feb 10 2021(Updated: )
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ibm Websphere Application Server | >=7.0.0.0<7.0.0.45 | |
Ibm Websphere Application Server | >=8.0.0.0<8.0.0.15 | |
Ibm Websphere Application Server | >=8.5.0.0<8.5.5.20 | |
Ibm Websphere Application Server | >=9.0.0.0<9.0.5.7 | |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-20353.
The severity of CVE-2021-20353 is high.
The vulnerability allows remote attackers to disclose sensitive information on affected installations of IBM WebSphere.
No, authentication is not required to exploit CVE-2021-20353.
To fix CVE-2021-20353, apply the latest security updates provided by IBM.