What is the severity of CVE-2021-20453?

CVE-2021-20453 is considered a medium severity vulnerability due to its potential for exposing sensitive information.

How do I fix CVE-2021-20453?

To fix CVE-2021-20453, update IBM WebSphere Application Server to the latest available version that resolves this issue.

What is an XML External Entity Injection vulnerability in CVE-2021-20453?

An XML External Entity Injection vulnerability allows attackers to manipulate XML data to extract sensitive information or consume system resources.

Which versions of IBM WebSphere Application Server are affected by CVE-2021-20453?

CVE-2021-20453 affects IBM WebSphere Application Server versions 8.0, 8.5, and 9.0 up to specific patch levels.

Can CVE-2021-20453 be exploited remotely?

Yes, CVE-2021-20453 can be exploited by a remote attacker without requiring authentication.

Vulnerability/
CVE-2021-20453

high

8.2

CWE

611

19/4/2021

20/4/2021

17/9/2024

CVE-2021-20453: XEE

First published: Mon Apr 19 2021(Updated: )

IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Application Server Feature Pack for Web Services	<=9.0
IBM WebSphere Application Server Feature Pack for Web Services	<=8.5
IBM WebSphere Application Server Feature Pack for Web Services	<=8.0
IBM WebSphere Application Server Feature Pack for Web Services	>=8.0.0.0<8.0.0.15
IBM WebSphere Application Server Feature Pack for Web Services	>=8.5.0.0<8.5.5.20
IBM WebSphere Application Server Feature Pack for Web Services	>=9.0.0.0<9.0.5.8

Remedy

https://www.ibm.com/support/pages/node/6445171

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6445171

Frequently Asked Questions

What is the severity of CVE-2021-20453?
CVE-2021-20453 is considered a medium severity vulnerability due to its potential for exposing sensitive information.
How do I fix CVE-2021-20453?
To fix CVE-2021-20453, update IBM WebSphere Application Server to the latest available version that resolves this issue.
What is an XML External Entity Injection vulnerability in CVE-2021-20453?
An XML External Entity Injection vulnerability allows attackers to manipulate XML data to extract sensitive information or consume system resources.
Which versions of IBM WebSphere Application Server are affected by CVE-2021-20453?
CVE-2021-20453 affects IBM WebSphere Application Server versions 8.0, 8.5, and 9.0 up to specific patch levels.
Can CVE-2021-20453 be exploited remotely?
Yes, CVE-2021-20453 can be exploited by a remote attacker without requiring authentication.

agent/references
agent/type
agent/first-publish-date
agent/weakness
agent/remedy
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/ibm
canonical/ibm websphere application server feature pack for web services
version/ibm websphere application server feature pack for web services/9.0
version/ibm websphere application server feature pack for web services/8.5
version/ibm websphere application server feature pack for web services/8.0
version/ibm websphere application server feature pack for web services/8.0.0.0
version/ibm websphere application server feature pack for web services/8.5.0.0
version/ibm websphere application server feature pack for web services/9.0.0.0