The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Watch the video to learn more about this and other important vulnerabilities.
The CVSS Base score of this vulnerability is 8.2 High as per NVD. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0
These vulnerabilities were discovered and reported by IBM Corporation.
WebSphere Application Server is a software product that performs the role of a web application server. More specifically, it is a software framework and middleware that hosts Java-based web applications. It is the flagship product within IBM's WebSphere software suite.
Per this website WebSphere is used heavily by top enterprises as below:
Exploiting this vulnerability can lead to exfiltration of sensitive data via an XXE attack and can facilitate lateral movement between workloads. There are no publicly available exploits.
VSP-APG has capability that can detect XXE attacks and prevent this attack from being exploited.
Download the full vulnerability report to learn more about this and other important vulnerabilities.
Jump to: List of CVE Vulnerabilities
Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!