First published: Wed May 26 2021
IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cloud Pak for Automation | <=20.0.3-IF002 | |
IBM Cloud Pak for Automation | <=21.0.1 | |
IBM WebSphere Application Server | >=8.0.0.0, <=8.0.0.15 | |
IBM WebSphere Application Server | >=8.5.0.0, <=8.5.5.19 | |
IBM WebSphere Application Server | >=9.0.0.0, <=9.0.5.7 | |
IBM WebSphere Application Server Liberty (Java Batch) | >=17.0.0.3, <=21.0.0.5 | |
CVE-2021-20492 is an XML External Entity (XXE) injection vulnerability in IBM WebSphere Application Server and in the Liberty Java Batch component: XML supplied by a remote attacker is parsed with external entity resolution enabled, so the attacker can read data the server can reach or drive the parser into excessive memory consumption.
Affected releases are WebSphere Application Server 8.0 (8.0.0.0 through 8.0.0.15), 8.5 (8.5.0.0 through 8.5.5.19) and 9.0 (9.0.0.0 through 9.0.5.7), Liberty Java Batch 17.0.0.3 through 21.0.0.5, and the Cloud Pak for Automation releases listed in the table above.
CVE-2021-20492 carries a CVSS base score of 8.2 (high).
To exploit CVE-2021-20492 an attacker submits XML whose DTD declares an external entity (for example a SYSTEM entity pointing at a local file or a URL) and references that entity in the document body. When the vulnerable component parses the document it resolves the entity, reflecting the file contents into the parsed result where they may be exposed to the attacker; recursively nested entity declarations instead make the parser expand a small document into a huge one, consuming memory. The advisory describes the attacker as remote and does not state which XML input is affected, so treat every XML endpoint of an affected release as in scope until patched.
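The mechanism described above, shown as an added example that is not part of this advisory and not IBM's code: a stand-alone Java program (assumed class name XxeDemo, using the JDK's built-in JAXP parser) that writes a constructed "secret" file, builds a constructed XXE payload pointing at it, parses the payload once with a default DocumentBuilderFactory, which resolves the SYSTEM entity and leaks the file contents, and once with a hardened factory that rejects the DOCTYPE outright. The hardened settings are the standard JAXP features for disabling DTD processing; they are illustrative of how an application should configure its own parser and are not the change IBM shipped.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

/** Added example (assumed class name): XXE with JAXP defaults versus a hardened factory. */
public class XxeDemo {

    /** JAXP defaults: the DTD is processed and SYSTEM entities are fetched and expanded. */
    static DocumentBuilderFactory defaultFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    /** Hardened factory: refusing any DOCTYPE removes external entities and entity-expansion bombs in one setting. */
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers that must accept an internal DTD: no external entities, no external DTD.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    /** Parses xml with the given factory and returns the root element's text, i.e. whatever the entity expanded to. */
    static String parse(DocumentBuilderFactory dbf, String xml) throws Exception {
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a file the attacker wants, e.g. a server configuration holding credentials.
        Path secret = Files.createTempFile("xxe-demo", ".txt");
        Files.write(secret, "db.password=hunter2".getBytes(StandardCharsets.UTF_8));

        // Constructed XXE payload: a SYSTEM entity pointing at the local file, referenced from the body.
        String payload =
            "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE job [ <!ENTITY xxe SYSTEM \"" + secret.toUri() + "\"> ]>\n"
            + "<job><name>&xxe;</name></job>";

        // Default factory: the parser reads the file and its contents appear in the parsed document.
        System.out.println("default factory : " + parse(defaultFactory(), payload));

        // Hardened factory: the DOCTYPE itself is rejected, so the entity is never declared, let alone resolved.
        try {
            System.out.println("hardened factory: " + parse(hardenedFactory(), payload));
        } catch (SAXParseException e) {
            System.out.println("hardened factory: rejected (" + e.getMessage() + ")");
        }
        Files.deleteIfExists(secret);
    }
}
```

Run with `javac XxeDemo.java && java XxeDemo`; the first line prints the secret, the second shows the parser refusing the DOCTYPE. The JDK's default entity expansion limit bounds the classic nested-entity memory attack, but disallowing the DOCTYPE is the setting that closes both the disclosure and the resource-consumption variant at once, which is why it leads the hardened factory.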
IBM has released security updates for CVE-2021-20492. Apply IBM's fix for the affected release of WebSphere Application Server (traditional 8.0, 8.5 or 9.0), WebSphere Application Server Liberty with Java Batch, or Cloud Pak for Automation; releases outside the version ranges in the table above are not listed as affected.