IBM597523C6E94F370B148D78A38D17B1D45E9C17E31F353FAEC938BC9B1CBCB22CSecurity Bulletin: Novalink is impacted by XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit affects WebSphere Liberty middle vulnerability in WebSphere Application Server Liberty (CVE-2021-20492)
EPSS
Percentile
52.4%
Summary
Novalink uses WebSphere Application Server Liberty. There is effect on IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.
Vulnerability Details
CVEID:CVE-2021-20492
**DESCRIPTION:**IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197793 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| NovaLink | 1.0.0.16 |
| Novalink | |
| 2.0.1 |
Remediation/Fixes
The recommended solution is to upgrade to Novalink version 1.0.0.16 or 2.0.1 as applicable.
Workarounds and Mitigations
None
Related
EPSS
Percentile
52.4%