CVE-2020-4643: IBM WebSphere Application Server XXE Vulnerability Alert

On September 17, 2020, IBM published a security bulletin for CVE-2020-4643, an XML External Entity Injection (XXE) vulnerability in WebSphere Application Server. When WebSphere Application Server processes XML data, its parser resolves external entities declared in the document's DTD, so an attacker who can submit crafted XML to the server can have the parser read server-side resources and return their contents. The vulnerability can therefore be used to steal sensitive information.
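To make the mechanism concrete, the following Java program (an example added here, not IBM's code and not the WebSphere component that was affected) parses a constructed XXE payload with two JAXP `DocumentBuilder` configurations: the JDK's default one, which resolves the external entity and leaks a temporary "secret" file, and a hardened one that rejects any DOCTYPE declaration. It assumes the JDK's built-in Xerces-based parser; the file path, entity name and secret contents are invented for the demonstration.

```java
import java.io.File;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

/**
 * Added example: default vs. hardened JAXP parsing of an XXE payload.
 * Illustrates the bug class from the advisory; it is not WebSphere code.
 */
public class XxeDemo {

    /** Default JAXP configuration: DTDs and external general entities are resolved. */
    static DocumentBuilder vulnerableParser() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        return dbf.newDocumentBuilder();
    }

    /** Hardened configuration: no DOCTYPE at all, so no entity can be declared or fetched. */
    static DocumentBuilder hardenedParser() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces in case a caller later relaxes the DOCTYPE rule:
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    /** Parses the payload and returns the text of the root element, or null if the parser rejects it. */
    static String extract(DocumentBuilder db, String xml) throws Exception {
        try {
            Document doc = db.parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement().getTextContent();
        } catch (SAXParseException e) {
            System.out.println("parser rejected input: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a sensitive file on the server (e.g. a credentials file).
        File secret = File.createTempFile("xxe-demo", ".txt");
        secret.deleteOnExit();
        Files.write(secret.toPath(), "db_password=hunter2".getBytes(StandardCharsets.UTF_8));

        // Classic XXE payload: declare an external entity pointing at a local file,
        // then reference it in the document body so its contents end up in the parsed data.
        String payload = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE data [\n"
            + "  <!ENTITY xxe SYSTEM \"" + secret.toURI() + "\">\n"
            + "]>\n"
            + "<data>&xxe;</data>";

        // Default parser: the entity is expanded and the file contents are returned.
        System.out.println("vulnerable: " + extract(vulnerableParser(), payload));
        // Hardened parser: the DOCTYPE is rejected before any entity is resolved.
        System.out.println("hardened:   " + extract(hardenedParser(), payload));
    }
}
```

Run it with `java XxeDemo.java` on Java 11 or later. The vulnerable branch prints the secret, the hardened branch prints a rejection message and null; in a real application the same `disallow-doctype-decl` setting is the single most effective defence, because an XML document that cannot carry a DTD cannot declare an entity.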


IBM WebSphere Application Server is a high-performance Java application server used to build, run, integrate, secure, and manage dynamic cloud and web applications, whether deployed internally or externally. Besides performance and flexibility, it offers a range of open-standard programming models aimed at maximizing developer productivity.

Affected versions

  • WebSphere Application Server 7.0
  • WebSphere Application Server 8.0
  • WebSphere Application Server 8.5
  • WebSphere Application Server 9.0

Solution

IBM has released a fix for this vulnerability. Affected users are advised to apply it, or to upgrade to a WebSphere Application Server fix pack that includes it, as soon as possible. As a complementary measure, application code deployed on the server that parses untrusted XML should configure its own parser to disallow DOCTYPE declarations and external entity resolution.