CVE-2020-4949: IBM WebSphere Application Server - XXE attack
Virsec Security Research Lab Vulnerability Analysis
The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
1.1 Vulnerability Summary
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
1.2 CVSS Score
The CVSS base score of this vulnerability is 8.2 (High) per NVD, with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
1.3 Affected Version
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0
1.4 Vulnerability Attribution
This vulnerability was discovered and reported by IBM Corporation.
1.5 Risk Impact
WebSphere Application Server is a software product that performs the role of a web application server. More specifically, it is a software framework and middleware that hosts Java-based web applications. It is the flagship product within IBM's WebSphere software suite.
Per this website, WebSphere is used heavily by top enterprises, as below:
Exploiting this vulnerability can lead to exfiltration of sensitive data via an XXE attack and can facilitate lateral movement between workloads. There are no publicly available exploits.
1.6 Virsec Security Platform (VSP) Support
VSP-APG has the capability to detect XXE attacks and prevent this vulnerability from being exploited.
1.7 Reference Links
- NVD - CVE-2020-4949 (nist.gov)
- Security Bulletin: WebSphere Application Server is vulnerable to an XML External Entity (XXE) Injection Vulnerability (CVE-2020-4949) (ibm.com)