CVE-2021-20482: XEE
First published: Sun Mar 28 2021(Updated: )
IBM Business Automation Workflow is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Automation | =20.0.2 | |
| IBM Cloud Pak for Automation | =20.0.3-interim_fix002 | |
| <=20.0.3 IF002 | ||
| <=20.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-20482.
What is the severity of CVE-2021-20482?
The severity of CVE-2021-20482 is high with a CVSS score of 7.1.
What is the affected software?
The affected software is IBM Cloud Pak for Automation versions 20.0.2 and 20.0.3 IF002.
What is the impact of CVE-2021-20482?
CVE-2021-20482 allows a remote attacker to expose sensitive information or consume memory resources through an XML External Entity Injection (XXE) attack.
Are there any known fixes or mitigations for CVE-2021-20482?
Yes, IBM has provided a fix for this vulnerability. Please refer to the IBM support page for more details.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/softwarecombine
- agent/description
- agent/event
- vendor/ibm
- canonical/ibm cloud pak for automation
- version/ibm cloud pak for automation/20.0.2
- version/ibm cloud pak for automation/20.0.3-interim_fix002
- version/ibm cloud pak for automation/20.0.3 if002