EUVD-2018-12484

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM WebSphere Application Server 9.0.0.0 to 9.0.0.9 vulnerable to XML External Entity Injection attack

Reporter	Title	Published	Views	Family All 19
IBM Security Bulletins	Security Bulletin: Potential XML External Entity (XXE) Injection Vulnerability in WebSphere Application Server (CVE-2018-1905)	19 Feb 201918:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud	5 Mar 201917:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Rational products based on IBM Jazz technology	27 Nov 201819:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Access Manager for e-business	29 Jan 201921:45	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearQuest (CVE-2018-1905)	11 Dec 201813:50	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server is shipped with WebSphere Remote Server. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins.	4 Dec 201814:25	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2018-1905)	19 Dec 201822:45	–	ibm
IBM Security Bulletins	WebSphere Application Server and IBM HTTP Server Security Bulletin List	13 Jul 202218:04	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with OpenPages GRC Platform (CVE-2018-1905)	11 Dec 201815:50	–	ibm
IBM Security Bulletins	Security Bulletin: A Security Vulnerability in Websphere Application Server Affects Predictive Customer Intelligence (CVE-2018-1905)	11 Feb 202021:31	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "97bdc843-2b0c-3da3-9add-9def84150145",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "16cb5234-3673-30fa-8a4d-03d7a038a0e1",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0.0.3"
      },
      {
        "id": "4b89cfea-148b-31c6-865f-62528cb51c29",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0.0.6"
      },
      {
        "id": "50702bf8-1c16-3b57-819c-d706ec4364c4",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0.0.4"
      },
      {
        "id": "ef70ffe4-6eef-3fc4-b84d-a162dcecf7ef",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0.0.5"
      },
      {
        "id": "f11ae19d-12a6-32c2-97aa-bd21b934654a",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0.0.1"
      },
      {
        "id": "f47ac64d-45bf-3e27-85c4-6c7d01e21c1d",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0.0.2"
      },
      {
        "id": "f8992772-4112-371d-b685-9312cb17195d",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0.0.0"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/106030
ibm	www.ibm.com/support/docview.wss
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/152534
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.1High risk

Vulners AI Score7.1

CVSS 37.1

CVSS 25.5

EPSS0.00434