EUVD-2020-26196

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM WebSphere Application Server versions 7.0 to 9.0 vulnerable to XML External Entity Injection attack.

Reporter	Title	Published	Views	Family All 43
IBM Security Bulletins	Security Bulletin: Security vulnerability is identified in WebSphere Application Server where Rational Asset Manager is deployed (CVE-2020-4949)	11 Feb 202115:36	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise	17 Oct 202400:55	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4949)	14 Sep 202215:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Privileged Identity Manager is affected by XML External Entity Injection vulnerability in WebSphere (CVE-2020-4949)	30 Jul 202104:12	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2020-4949)	26 Jan 202120:10	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server in IBM Cloud is vulnerable to an XML External Entity (XXE) Injection Vulnerability (CVE-2020-4949)	11 Feb 202118:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Directory Server	17 Aug 202117:09	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2020-4949)	25 Jan 202122:55	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server shipped with IBM® Intelligent Operations Center (CVE-2020-4949)	3 Feb 202116:59	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager(CVE-2020-4949)	5 Apr 202120:34	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "46062353-e025-38b3-8b2a-6393e4c4f462",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "04d13ec7-3779-33f3-b89d-e54b3d223b64",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.0"
      },
      {
        "id": "11c18d6c-7f28-3f98-be25-9dad79154868",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5"
      },
      {
        "id": "77dba003-ac96-3e7a-9256-8c767cb0f649",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "7.0"
      },
      {
        "id": "d0d5de81-35cc-3495-a8bc-a1fda102a934",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6408244
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/192025
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

8.1High risk

Vulners AI Score8.1

CVSS 38.2

CVSS 26.4

CVSS 3.18.2

EPSS0.04754