Lucene search
IBM3C712B8D139869EF054E4991E71EC72C0E334FDDB9D1CC423F096366F659BCFFHistoryApr 23, 2021 - 4:52 p.m.
Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353)
2021-04-2316:52:37
www.ibm.com
5
0.012 Low
EPSS
Percentile
85.6%
Summary
WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability. This has been addressed.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Jazz for Service Management | 1.1.3 |
Remediation/Fixes
| Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
|---|---|---|
| Jazz for Service Management version 1.1.3 - 1.1.3.10 | Websphere Application Server Full Profile 8.5.5 | Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353) |
| Jazz for Service Management version 1.1.3.7 - 1.1.3.10 |
Websphere Application Server Full Profile 9.0
Workarounds and Mitigations
Please refer to WAS interim fix.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jazz for service management | eq | 1.1.3 |
Related
cve
cve
CVE-2021-20353
2021-02-10 17:15:22
cvelist
cvelist
CVE-2021-20353
2021-02-09 00:00:00
nessus
nessus
prion
prion
Xxe
2021-02-10 17:15:00
nvd
nvd
CVE-2021-20353
2021-02-10 17:15:22
zdi
zdi
0.012 Low
EPSS
Percentile
85.6%
Related for 3C712B8D139869EF054E4991E71EC72C0E334FDDB9D1CC423F096366F659BCFF