IBME33F6434570AE9B0FA0C3C9527CEB2AE08E8F2632A2EE39779A824516A52B730Security Bulletin: Vulnerability of xmlbeans-2.6.0.jar has affected APM DataPower agent.
0.004 Low
EPSS
Percentile
72.6%
Summary
APM DataPower Agent is vulnerable to xmlbeans-2.6.0.jar vulnerability described in CVE 2021-23926. The fix includes xmlbeans-2.6.0.jar upgraded to xmlbeans-3.1.0.jar
Vulnerability Details
CVEID:CVE-2021-23926
**DESCRIPTION:**Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML request, a remote attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194818 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| APM Agents for Monitoring | all |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading:
| Product Remediation | Fix |
|---|---|
| APM on-premise |
APM DataPower Agent release 8.1.4.0.20(DataPower agent version: 08.23.05.00)
Download the APM Advanced Agents installer from Passport Advantage. Please refer below link for download instructions:
<https://www.ibm.com/docs/en/capmp/8.1.4?topic=advantage-part-numbers>
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| apm agents for monitoring | eq | any |
Related
0.004 Low
EPSS
Percentile
72.6%