IBM Support

PH34048: XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2)

Download


Downloadable File

Abstract

XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2)

Download Description

PH34048 resolves the following problem:

ERROR DESCRIPTION:
XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2).

PROBLEM SUMMARY:
XXE Injection Vulnerability in WebSphere Application Server (CVE-2021-20454 CVSS 8.2).

PROBLEM CONCLUSION:
Confidential for CVE-2021-20454.

The fix for this APAR is currently targeted for inclusion in fix packs 8.5.5.20 and 9.0.5.8.

Please refer to the Recommended Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL         SIZE(Bytes)
V90 Readme  2231
V85 Readme  2450
V70 Readme  5086
V80 Readme  2397

Download Package

 
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes for WebSphere Application Server below.
DOWNLOAD                          RELEASE DATE   SIZE(Bytes)  APPLICABLE fixpack(s)      DOWNLOAD Options (FC = Fix Central)
8.0.0.15-WS-WASEmbeded-IFPH34048  16 April 2021  261652       8.0.0.15                   FC
8.0.0.15-WS-WASProd-IFPH34048     16 April 2021  268399       8.0.0.15                   FC
9.0.5.4-WS-WASProd-IFPH34048      16 April 2021  277132       9.0.5.4 through 9.0.5.7    FC
8.5.5.15-WS-WASProd-IFPH34048     16 April 2021  280104       8.5.5.15 through 8.5.5.19  FC
7.0.0.45-WS-WAS-IFPH34048         16 April 2021  34501        7.0.0.45                   FC

Problems Solved

PH34048

Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

Business Unit: Cloud & Data Platform
Product: WebSphere Application Server
Component: General
Platform: AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Version: 7.0.0.45; 8.0.0.15; 8.5.5.15; 8.5.5.16; 8.5.5.17; 8.5.5.18; 8.5.5.19; 9.0.5.4; 9.0.5.5; 9.0.5.6; 9.0.5.7
Edition: Base

Document Information

Modified date:
20 April 2021

UID

ibm16445441