What is CVE-2021-20454?

CVE-2021-20454 is a vulnerability in IBM WebSphere Application Server that allows for XML External Entity Injection (XXE) attacks.

What is the severity of CVE-2021-20454?

The severity of CVE-2021-20454 is rated as high with a CVSS score of 8.2.

Which versions of IBM WebSphere Application Server are affected by CVE-2021-20454?

IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 are affected by CVE-2021-20454.

How does CVE-2021-20454 impact the affected software?

CVE-2021-20454 allows remote attackers to exploit the vulnerability and potentially expose sensitive information or consume memory resources.

Where can I find more information about CVE-2021-20454?

More information about CVE-2021-20454 can be found at the following references: [Reference 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/196649) and [Reference 2](https://www.ibm.com/support/pages/node/6445481).

Vulnerability/
CVE-2021-20454

high

8.2

CWE

611

20/4/2021

21/4/2021

16/9/2024

CVE-2021-20454: XEE

First published: Tue Apr 20 2021(Updated: )

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
Ibm Websphere Application Server	<=9.0
Ibm Websphere Application Server	<=8.5
Ibm Websphere Application Server	<=8.0
Ibm Websphere Application Server	<=7.0
Ibm Websphere Application Server	>=7.0.0.0<=7.0.0.45
Ibm Websphere Application Server	>=8.0.0.0<=8.0.0.15
Ibm Websphere Application Server	>=8.5.0.0<=8.5.5.19
Ibm Websphere Application Server	>=9.0.0.0<=9.0.5.7

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6445481

Frequently Asked Questions

What is CVE-2021-20454?
CVE-2021-20454 is a vulnerability in IBM WebSphere Application Server that allows for XML External Entity Injection (XXE) attacks.
What is the severity of CVE-2021-20454?
The severity of CVE-2021-20454 is rated as high with a CVSS score of 8.2.
Which versions of IBM WebSphere Application Server are affected by CVE-2021-20454?
IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 are affected by CVE-2021-20454.
How does CVE-2021-20454 impact the affected software?
CVE-2021-20454 allows remote attackers to exploit the vulnerability and potentially expose sensitive information or consume memory resources.
Where can I find more information about CVE-2021-20454?
More information about CVE-2021-20454 can be found at the following references: [Reference 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/196649) and [Reference 2](https://www.ibm.com/support/pages/node/6445481).

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/severity
agent/tags
agent/description
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm websphere application server
version/ibm websphere application server/7.0.0.0
version/ibm websphere application server/7.0.0.45
version/ibm websphere application server/8.0.0.0
version/ibm websphere application server/8.0.0.15
version/ibm websphere application server/8.5.0.0
version/ibm websphere application server/8.5.5.19
version/ibm websphere application server/9.0.0.0
version/ibm websphere application server/9.0.5.7
version/ibm websphere application server/9.0
version/ibm websphere application server/8.5
version/ibm websphere application server/8.0
version/ibm websphere application server/7.0