EUVD-2020-25890

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM WebSphere Application Server has an XML External Entity Injection vulnerability exposing sensitive data.

Reporter	Title	Published	Views	Family All 48
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in WebSphere Application Server affect Predictive Maintenance and Quality and Predictive Maintenance Insights	19 Oct 202015:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM StoredIQ for Legal	4 Mar 202109:24	–	ibm
IBM Security Bulletins	Security Bulletin: A Security Vulnerability in Websphere Application Server Affects Predictive Customer Intelligence (CVE-2020-4643)	15 Oct 202016:28	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an information exposure vulnerability (CVE-2020-4643)	1 Dec 202004:03	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server which is shipped with IBM Tivoli Netcool Configuration Manager (CVE-2020-4643)	14 Dec 202010:24	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2020-4643)	14 Dec 202010:25	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities are identified in WebSphere Application Server where Rational Asset Manager is deployed	25 Sep 202008:01	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server is vulnerable to an information exposure vulnerability (CVE-2020-4643)	29 Sep 202016:28	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Operations Analytics	14 Dec 202010:47	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-4643)	14 Dec 202010:26	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "f3a5a129-150b-3729-b242-f7f06db508fc",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "202a2ebd-e99d-3955-a87d-8d79314540b5",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "7.0"
      },
      {
        "id": "6a7e3000-35b3-3bd0-b6b1-d13dcb09dbce",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.0"
      },
      {
        "id": "6a99cb35-01a9-36a4-bdac-a837d892438b",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5"
      },
      {
        "id": "a4a25506-08b2-3e05-a171-440dedcfab3b",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6334311
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/185590
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.6High risk

Vulners AI Score7.6

CVSS 37.5

CVSS 25

CVSS 3.17.5

EPSS0.00344