Lucene search
IBM6451C54267B916DF46D545FA3D95C9B8F67BF356BE15EA40C0CBD45EF92B210FHistoryJun 01, 2021 - 4:09 p.m.
Security Bulletin: Embedded WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection attack and affects Content Collector for Email
2021-06-0116:09:50
www.ibm.com
13
websphere application server
xxe injection
content collector
email
vulnerability
ibm
remediation
xml external entity
cve-2021-20454
EPSS
0.002
Percentile
59.9%
Summary
Embedded WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection vulnerability.
Vulnerability Details
CVEID:CVE-2021-20454
**DESCRIPTION:**IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196649.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196649 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Content Collector for Email | 4.0.x |
Remediation/Fixes
| Product | VRM | Remediation |
|---|---|---|
| Content Collector for Email | 4.0.1 | Use Content Collector for Email 4.0.1.9 Interim Fix IF010 |
Workarounds and Mitigations
None
Related
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2021-20454)
2021-09-29 12:26:12
cvelist
cvelist
CVE-2021-20454
2021-04-21 12:05:20
cve
cve
CVE-2021-20454
2021-04-21 12:15:08
prion
prion
Xxe
2021-04-21 12:15:00
nvd
nvd
CVE-2021-20454
2021-04-21 12:15:08
d0znpp
d0znpp
A4: XML External Entities (XXE) βοΈβββTop 10 OWASP 2017
2021-09-14 13:09:18
EPSS
0.002
Percentile
59.9%
Related for 6451C54267B916DF46D545FA3D95C9B8F67BF356BE15EA40C0CBD45EF92B210F