Lucene search
China National Vulnerability DatabaseCNVD-2023-41896HistoryMay 12, 2023 - 12:00 a.m.
IBM WebSphere Application Server Entity Injection Vulnerability (CNVD-2023-41896)
2023-05-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
2
ibm
websphere
application server
entity injection
vulnerability
xml
xxe
remote attacker
sensitive information
memory resources
0.001 Low
EPSS
Percentile
47.6%
IBM WebSphere Application Server is an application server product. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. An entity injection vulnerability exists in IBM WebSphere Application Server. The vulnerability is due to the susceptibility of the affected version to XML External Entity Injection (XXE) attacks when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm websphere application server >=8.5.0.0,<8. | eq | 5.5.24 | |
| ibm websphere application server >=9.0.0.0,<9. | eq | 0.5.16 |
Related
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2023-27554)
2023-05-26 21:00:09
cve
cve
CVE-2023-27554
2023-05-11 20:15:09
prion
prion
Xxe
2023-05-11 20:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-27554
2023-05-11 20:15:09