Websphere Application Server (WAS) is shipped as a component of IBM Operations Analytics Predictive Insights. Information about WebSphere Application Server vulnerability( CVE-2021-20353 ) to an XML External Entity Injection (XXE) which could result in a denial of service attack has been published in a security bulletin.
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Principal Product and Version(s) | Affected Supporting Product and Version(s) |
---|---|
IBM Operations Analytics Predictive Insights - All | Websphere Application Server 8.5 |
IBM Operations Analytics Predictive Insights v1.3.6.3 | Websphere Application Server 9.0 |
For more information and recommended solutions see the full details disclosed in the security bulletin: Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353)
In summary, details for Predictive Insights WebSphere only:
For WebSphere v9.0.0.0 through 9.0.5.5:
For more information and recommended solutions see the full details disclosed in the security bulletin: Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353)
For WebSphere v8.5.0.0 through 8.5.5.18:
For more information and recommended solutions see the full details disclosed in the security bulletin: Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability (CVE-2021-20353)
None