IBM Support

PH34906: XML External Entity Injection (XXE) in WebSphere Application Server Java Batch (CVE-2021-20492 CVSS 6.5)

Download


Abstract

XML External Entity Injection (XXE) in WebSphere Application Server Java Batch (CVE-2021-20492 CVSS 6.5)

Download Description

PH34906 resolves the following problem:

ERROR DESCRIPTION:
XML External Entity Injection (XXE) in WebSphere Application Server Java Batch (CVE-2021-20492 CVSS 6.5)

PROBLEM SUMMARY:
XML External Entity Injection (XXE) in WebSphere Application Server Java Batch (CVE-2021-20492 CVSS 6.5)

PROBLEM CONCLUSION:
Confidential for CVE-2021-20492.

The fix for this APAR is targeted for inclusion in fix packs 8.5.5.20, 9.0.5.8 and Liberty 21.0.0.7. For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

| URL | Size (bytes) |
| --- | --- |
| V90 readme file | 2287 |
| V85 readme file | 2445 |
| V80 readme file | 2354 |
| 20.0.0.12 readme file | 2212 |
| 20.0.0.12 archive readme file | 2368 |
| 21.0.0.3 archive readme file | 2444 |
| 21.0.0.5 readme file | 2253 |
| 21.0.0.5 archive readme file | 2444 |
| 21.0.0.6 readme file | 2210 |
| 21.0.0.6 archive readme file | 2444 |

Download Package

 
IMPORTANT NOTE:
WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes for WebSphere Application Server in this table. 
| Download | Release date | Size (bytes) | Applicable fix pack(s) | Download options (FC = Fix Central) |
| --- | --- | --- | --- | --- |
| 9.0.0.7-WS-WASProd-IFPH34906 | 19 May 2021 | 279781 | 9.0.0.7 through 9.0.5.1 | FC |
| 9.0.5.2-WS-WASProd-IFPH34906 | 19 May 2021 | 278732 | 9.0.5.2 through 9.0.5.7 | FC |
| 8.5.5.13-WS-WASProd-IFPH34906 | 19 May 2021 | 276271 | 8.5.5.13 through 8.5.5.16 | FC |
| 8.5.5.17-WS-WASProd-IFPH34906 | 19 May 2021 | 275118 | 8.5.5.17 through 8.5.5.19 | FC |
| 8.0.0.15-WS-WASProd-IFPH34906 | 19 May 2021 | 270562 | 8.0.0.15 | FC |
| 20.0.0.12-WS-WLPWithExtensions-IFPH34906 | 19 May 2021 | 2012188 | 20.0.0.12 | FC |
| 200012-extended-archive-IFPH34906 | 19 May 2021 | 1947493 | 20.0.0.12 | FC |
| 21.0.0.3-WS-WLPWithExtensions-IFPH34906 | 19 May 2021 | 2939075 | 21.0.0.3 | FC |
| 21003-extended-archive-IFPH34906 | 19 May 2021 | 2874133 | 21.0.0.3 | FC |
| 21.0.0.5-WS-WLPWithExtensions-IFPH34906 | 19 May 2021 | 2957200 | 21.0.0.5 | FC |
| 21005-extended-archive-IFPH34906 | 19 May 2021 | 2895560 | 21.0.0.5 | FC |
| 21.0.0.6-WS-WLPWithExtensions-IFPH34906 | 16 June 2021 | 2957532 | 21.0.0.6 | FC |
| 21006-extended-archive-IFPH34906 | 16 June 2021 | 2895857 | 21.0.0.6 | FC |

Problems Solved

PH34906


Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide


Document Information

Modified date:
22 June 2021

UID

ibm16454739