Lucene search
IBMC32820803AAA84431FF22EC1B0554FD6D05603AA7E499475A794827A361688D2HistoryAug 04, 2021 - 7:47 a.m.
Security Bulletin: IBM Security Privileged Identity Manager is affected by XML External Entity (XXE) Injection vulnerability vulnerability in WebSphere Application Server (CVE-2021-20353)
2021-08-0407:47:08
www.ibm.com
9
ibm
security
privileged identity manager
xml external entity
injection
websphere application server
cve-2021-20353
vulnerability
xxe
attack
remote
exploit
sensitive information
memory resources
x-force
cvss
affected product
remediation
fix
EPSS
0.012
Percentile
85.6%
Summary
IBM Security Privileged Identity Manager has addressed an XML External Entity Injection vulnerability in WebSphere application server.
Vulnerability Details
CVEID:CVE-2021-20353
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 194882.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194882 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ISPIM | 2.1.1 |
| ISPIM | 2.0.2 |
| ISPIM | 2.1.0 |
Remediation/Fixes
| Affected Product(s) | Version(s) | Remediation |
|---|---|---|
| ISPIM | 2.1.1 | 2.1.1-ISS-ISPIM-VA-FP0007 |
| ISPIM | 2.1.0 | 2.1.0-ISS-ISPIM-VA-FP0014 |
|---|---|---|
| ISPIM | 2.0.2 | 2.0.2-ISS-ISPIM-VA-FP0014 |
| — | — | — |
Workarounds and Mitigations
None
Related
ibm
ibm
cve
cve
CVE-2021-20353
2021-02-10 17:15:22
prion
prion
Xxe
2021-02-10 17:15:00
nessus
nessus
nvd
nvd
CVE-2021-20353
2021-02-10 17:15:22
zdi
zdi
cvelist
cvelist
CVE-2021-20353
2021-02-10 17:00:19
EPSS
0.012
Percentile
85.6%
Related for C32820803AAA84431FF22EC1B0554FD6D05603AA7E499475A794827A361688D2