EUVD-2021-7910

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

IBM WebSphere and Liberty Java Batch are vulnerable to XML External Entity Injection attacks.

Reporter	Title	Published	Views	Family All 46
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2021-20492, CVE-2021-29754, CVE-2021-29736, CVE-2015-5262, CVE-2014-3577, CVE-2012-6153, CVE-2011-1498)	16 Sep 202106:01	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Appilcation Server and WebSphere Application Server Liberty affects IBM Engineering ELM products on IBM Jazz technology.	1 Jun 202115:41	–	ibm
IBM Security Bulletins	Security Bulletin: Using components with known vulnerabilities in IBM Security Guardium Key Lifecycle Manager (CVE-2021-20492)	12 Nov 202106:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise	21 Sep 202109:48	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2021-20492)	28 Jun 202113:29	–	ibm
IBM Security Bulletins	Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to an XML External Entity (XXE) Injection vulnerability due to IBM WebSphere Application Server Liberty ( CVE-2021-20492 )	11 Aug 202204:50	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Security Identity Manager	8 Jun 202122:20	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Liberty profile shipped with IBM Robotic Process Automation	18 Jul 202221:58	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server Java Batch shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2021-20492)	31 May 202104:34	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2021-20492)	2 Jun 202119:47	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "cf683fcf-f041-3a8e-8e15-db0c06273e23",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "25ffde9d-b9f6-3dbe-aa5c-feb504bf4405",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "Liberty"
      },
      {
        "id": "835cb465-4df3-3216-a05e-397ea4f9d9c4",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.5"
      },
      {
        "id": "b93d54e3-d34d-3c12-9211-95018094e702",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "8.0"
      },
      {
        "id": "d5b70b62-5991-3217-9165-195c15e85503",
        "product": {
          "name": "WebSphere Application Server"
        },
        "product_version": "9.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6456017
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/197793

03 Oct 2025 20:07Current

6.8Medium risk

Vulners AI Score6.8

CVSS 36.5

CVSS 26.4

CVSS 3.18.2

EPSS0.00304