APM DataPower Agent is vulnerable to xmlbeans-2.6.0.jar vulnerability described in CVE 2021-23926. The fix includes xmlbeans-2.6.0.jar upgraded to xmlbeans-3.1.0.jar
CVEID:CVE-2021-23926
**DESCRIPTION:**Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity (XXE) error when processing XML data. By sending a specially-crafted XML request, a remote attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194818 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
APM Agents for Monitoring | all |
IBM strongly recommends addressing the vulnerability now by upgrading:
Product Remediation | Fix |
---|---|
APM on-premise |
APM DataPower Agent release 8.1.4.0.20(DataPower agent version: 08.23.05.00)
Download the APM Advanced Agents installer from Passport Advantage. Please refer below link for download instructions:
<https://www.ibm.com/docs/en/capmp/8.1.4?topic=advantage-part-numbers>
None
CPE | Name | Operator | Version |
---|---|---|---|
apm agents for monitoring | eq | any |