IBM Support

PH33228: XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20353 CVSS 8.2)

Abstract

XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20353 CVSS 8.2)

Download Description

PH33228 resolves the following problem:

ERROR DESCRIPTION:
XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20353)

LOCAL FIX:


PROBLEM SUMMARY:
XML External Entity (XXE) Injection vulnerability in WebSphere Application Server (CVE-2021-20353)

PROBLEM CONCLUSION:

The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.20 and 9.0.5.7.

Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

| URL | Size (bytes) |
|---|---|
| 9.0.5 Readme | 2366 |
| 9.0.0.11 Readme | 2320 |
| 8.5.5.19 Readme | 2309 |
| V85 Readme | 2435 |
| V80 Readme | 2414 |
| V70 Readme | 5093 |

Download Package

 
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes for WebSphere Application Server below.

| Download | Release date | Size (bytes) | Download options |
|---|---|---|---|
| 9.0.5.0-WS-WASProd-IFPH33228 | 09 February 2021 | 335689 | FC |
| 9.0.0.11-WS-WASProd-IFPH33228 | 07 April 2021 | 302947 | FC |
| 8.5.5.19-WS-WASProd-IFPH33228 | 15 February 2021 | 303037 | FC |
| 8.5.5.14-WS-WASProd-IFPH33228 | 09 February 2021 | 324731 | FC |
| 8.0.0.12-WS-WAS-IFPH33228 | 09 February 2021 | 269823 | FC |
| 7.0.0.41-WS-WAS-IFPH33228 | 09 February 2021 | 55828 | FC |

FC = Fix Central

Problems Solved

PH33228

Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

Document Information

Modified date: 07 April 2021

UID: ibm16413689