Lucene search
IBMB2EE2BE1AB09FAC53C7CB92BD49E4B96407C1B6EF734E06DEA8E152DD0A52569HistoryJul 20, 2021 - 9:31 a.m.
Security Bulletin: WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20454)
2021-07-2009:31:28
www.ibm.com
8
0.002 Low
EPSS
Percentile
59.9%
Summary
WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability. This has been addressed.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Jazz for Service Management | 1.1.3 |
Remediation/Fixes
| Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
|---|---|---|
| Jazz for Service Management version 1.1.3 - 1.1.3.11 | Websphere Application Server Full Profile 8.5.5 | Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20454) |
| Jazz for Service Management version 1.1.3.7 - 1.1.3.11 |
Websphere Application Server Full Profile 9.0
Workarounds and Mitigations
Please refer to WAS interim fix.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jazz for service management | eq | 1.1.3 |
Related
cve
cve
CVE-2021-20454
2021-04-21 12:15:08
ibm
ibm
cvelist
cvelist
CVE-2021-20454
2021-04-20 00:00:00
nvd
nvd
CVE-2021-20454
2021-04-21 12:15:08
prion
prion
Xxe
2021-04-21 12:15:00
d0znpp
d0znpp
A4: XML External Entities (XXE) βοΈβββTop 10 OWASP 2017
2021-09-14 13:09:18
0.002 Low
EPSS
Percentile
59.9%
Related for B2EE2BE1AB09FAC53C7CB92BD49E4B96407C1B6EF734E06DEA8E152DD0A52569