Lucene search

CVE-2021-20353

🗓️ 10 Feb 2021 17:22:15Reported by ibmType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 82 Views

IBM WebSphere App Server 7.0-9.0 XML External Entity Injection vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 38
IBM Security Bulletins	Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353)	11 Feb 202119:46	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353)	23 Apr 202116:52	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2021-20353	18 May 202113:16	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-20353)	16 Apr 202109:35	–	ibm
IBM Security Bulletins	Security Bulletin: A Security Vulnerability Has Been Identified In IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2021-20353)	17 Feb 202123:01	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager (CVE-2021-20353)	22 Feb 202120:42	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2021-20353)	30 Apr 202114:36	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-20353)	16 Apr 202109:38	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-20353)	14 Sep 202215:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Privileged Identity Manager is affected by XML External Entity (XXE) Injection vulnerability vulnerability in WebSphere Application Server (CVE-2021-20353)	4 Aug 202107:47	–	ibm

Nvd

Vulners

Node

ibm websphere_application_serverRange7.0.0.0–7.0.0.45

ibm websphere_application_serverRange8.0.0.0–8.0.0.15

ibm websphere_application_serverRange8.5.0.0–8.5.5.20

ibm websphere_application_serverRange9.0.0.0–9.0.5.7

[
  {
    "product": "WebSphere Application Server",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "8.0"
      },
      {
        "status": "affected",
        "version": "8.5"
      },
      {
        "status": "affected",
        "version": "9.0"
      }
    ]
  }
]

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/194882
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-174/
ibm	www.ibm.com/support/pages/node/6413709

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 Feb 2021 17:15Current

8High risk

Vulners AI Score8

CVSS26.4

CVSS38.2

EPSS0.01482

CWE-611