IBM Support

PH34048:XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2)

Download


Downloadable File

Abstract

XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2)

Download Description

PH34048 resolves the following problem:

ERROR DESCRIPTION:
XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2).

PROBLEM SUMMARY:
XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2).

PROBLEM CONCLUSION:
Confidential for CVE-2021-20454.

The fix for this APAR is targeted for inclusion in fix packs 8.5.5.20 and 9.0.5.8.  For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V90 readme file 2231
V85 readme file 2450
V70 readme file 5086
V80 readme file 2397

Download Package

 
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes in this table. 
DOWNLOAD RELEASE DATE SIZE(Bytes) APPLICABLE fixpack(s)

DOWNLOAD Options

What is Fix Central(FC)?

8.0.0.15-WS-WASEmbeded-IFPH34048 16 April 2021 261652 8.0.0.15 FC
8.0.0.15-WS-WASProd-IFPH34048 16 April 2021 268399 8.0.0.15 FC
9.0.0.11-WS-WASProd-IFPH34048 07 June 2021 269013 9.0.0.11 FC
9.0.5.4-WS-WASProd-IFPH34048 16 April 2021 277132 9.0.5.4 through 9.0.5.7 FC
8.5.5.15-WS-WASProd-IFPH34048 16 April 2021 280104 8.5.5.15 through 8.5.5.19 FC
7.0.0.45-WS-WAS-IFPH34048 16 April 2021 34501 7.0.0.45 FC

Problems Solved

PH34048

On

Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"7.0.0.45;8.0.0.15;8.5.5.15;8.5.5.16;8.5.5.17;8.5.5.18;8.5.5.19;9.0.5.4;9.0.5.5;9.0.5.6;9.0.5.7","Edition":"Base","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
04 August 2021

UID

ibm16445441