October 24, 2020

CVE-2020-4643: IBM WebSphere Application Server XXE Vulnerability Alert

1 min read

On September 17, 2020, IBM officially reported an XXE vulnerability, CVE-2020-4643 that exists in WebSphere Application Server. When IBM WebSphere Application Server processes XML data, it is vulnerable to XML External Entity Injection (XXE) attacks. This vulnerability can be used to steal sensitive information.


IBM WebSphere Application Server is a high-performance Java application server that can be used to build, run, integrate, protect, and manage internal and/or externally deployed dynamic cloud and web applications. It not only ensures high performance and flexibility but also provides a variety of open standard programming model options, aimed at maximizing developer productivity.

Affected version

  • WebSphere Application Server 7.0
  • WebSphere Application Server 8.0
  • WebSphere Application Server 8.5
  • WebSphere Application Server 9.0


At present, IBM has released a repair package for this vulnerability. The user is recommended to upgrade WebSphere Application Server as soon as possible.