PH34906:XML External Entity Injection (XXE) in WebSphere Application Server Java Batch (CVE-2021-20492 CVSS 6.5)

Download

Downloadable File

File link	File size	File description

Abstract

XML External Entity Injection (XXE) in WebSphere Application Server Java Batch (CVE-2021-20492 CVSS 6.5)

Download Description

View the Security Bulletin

PH34906 resolves the following problem:

ERROR DESCRIPTION:
XML External Entity Injection (XXE) in WebSphere Application Server Java Batch (CVE-2021-20492 CVSS 6.5)

PROBLEM SUMMARY:
XML External Entity Injection (XXE) in WebSphere Application Server Java Batch (CVE-2021-20492 CVSS 6.5)

PROBLEM CONCLUSION:
Confidential for CVE-2021-20492.

The fix for this APAR is targeted for inclusion in fix packs 8.5.5.20, 9.0.5.8 and Liberty 21.0.0.7. For more information, see 'Recommended Updates for WebSphere Application Server':
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980

Prerequisites

None

Installation Instructions

Review the readme.txt for detailed installation instructions.

URL	SIZE(Bytes)
V90 readme file	2287
V85 readme file	2445
V80 readme file	2354
20.0.0.12 readme file	2212
20.0.0.12 archive readme file	2368
21.0.0.3 archive readme file	2444
21.0.0.5 readme file	2253
21.0.0.5 archive readme file	2444
21.0.0.6 readme file	2210
21.0.0.6 archive readme file	2444

Download Package

IMPORTANT NOTE:	WebSphere Application Server and Liberty fix access requires S&S Entitlement in 2021. Use properly registered IDs to download the fixes for WebSphere Application Server in this table.

DOWNLOAD	RELEASE DATE	SIZE(Bytes)	APPLICABLE fixpack(s)	DOWNLOAD Options What is Fix Central(FC)?
9.0.0.7-WS-WASProd-IFPH34906	19 May 2021	279781	9.0.0.7 through 9.0.5.1	FC
9.0.5.2-WS-WASProd-IFPH34906	19 May 2021	278732	9.0.5.2 thorough 9.0.5.7	FC
8.5.5.13-WS-WASProd-IFPH34906	19 May 2021	276271	8.5.5.13 through 8.5.5.16	FC
8.5.5.17-WS-WASProd-IFPH34906	19 May 2021	275118	8.5.5.17 through 8.5.5.19	FC
8.0.0.15-WS-WASProd-IFPH34906	19 May 2021	270562	8.0.0.15	FC
20.0.0.12-WS-WLPWithExtensions-IFPH34906	19 May 2021	2012188	20.0.0.12	FC
200012-extended-archive-IFPH34906	19 May 2021	1947493	20.0.0.12	FC
21.0.0.3-WS-WLPWithExtensions-IFPH34906	19 May 2021	2939075	21.0.0.3	FC
21003-extended-archive-IFPH34906	19 May 2021	2874133	21.0.0.3	FC
21.0.0.5-WS-WLPWithExtensions-IFPH34906	19 May 2021	2957200	21.0.0.5	FC
21005-extended-archive-IFPH34906	19 May 2021	2895560	21.0.0.5	FC
21.0.0.6-WS-WLPWithExtensions-IFPH34906	16 June 2021	2957532	21.0.0.6	FC
21006-extended-archive-IFPH34906	16 June 2021	2895857	21.0.0.6	FC

Problems Solved

PH34906

Technical Support

Contact IBM Support at https://www.ibm.com/software/mysupport/s/ or 1-800-IBM-SERV (US only).

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m0z0000001j54AAA","label":"Download Documents - L3 Publishing Category"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"20.0.0;21.0.0;8.0.0;8.5.5;9.0.0"}]

Problems (APARS) fixed
PH34906

Was this topic helpful?

Document Information

Modified date:
22 June 2021

UID

ibm16454739

Tips