High Severity

IBM Security Bulletin: Potential XML External Entity (XXE) Injection Vulnerability in WebSphere Application Server (CVE-2018-1905)

There is a potential XXE injection vulnerability in the Knowledge Center used by WebSphere Application Server.

CVE(s): CVE-2018-1905

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Version 9.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10738721
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152534
