Medium Severity

Security Bulletin: Watson Knowledge Catalog InstaScan is vulnerable to an XML External Entity (XXE) Injection vulnerability due to IBM WebSphere Application Server Liberty (CVE-2021-20492)


WebSphere Application Server Java Batch, which was included in Watson Knowledge Catalog InstaScan, is vulnerable to XML External Entity (XXE) injection. This has been addressed.

CVE(s): CVE-2021-20492

Affected product(s) and affected version(s):

Affected Product(s) | Version(s)
Watson Knowledge Catalog InstaScan | 1.1.0 – 1.1.6

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6611955
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/197793
