IBM Support

PH04192:Confidential for Security Integrity ifix: Potential XML External Entity

Download


Abstract

Confidential for Security Integrity ifix: Potential XML External Entity Injection (XXE) with Knowledge Center deployed on WebSphere Application Server (CVE-2018-1905)

Download Description

PH04192 resolves the following problem:

ERROR DESCRIPTION: Confidential for Security Integrity ifix: Potential XML External Entity Injection (XXE) with Knowledge Center deployed on WebSphere Application Server (CVE-2018-1905).

PROBLEM SUMMARY: Confidential for Security Integrity ifix: Potential XML External Entity Injection (XXE) with Knowledge Center deployed on WebSphere Application Server (CVE-2018-1905).

PROBLEM CONCLUSION: The XML External Entity Injection (XXE) in the Knowledge Center deployed on WebSphere Application Server is fixed.

The fix for this APAR is currently targeted for inclusion in fix pack 9.0.0.10.  Please refer to the Recommended Updates page for delivery information: 

http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980 

Prerequisites

None

Installation Instructions

Please review the readme.txt for detailed installation instructions.

URL SIZE(Bytes)
V90 Readme 2583

 

Download Package

 

DOWNLOAD RELEASE DATE SIZE(Bytes)

DOWNLOAD Options

What is Fix Central(FC)?

9.0.0.8-WS-WAS-IFPH04192 11-19-2018 216904 FC

 

Problems Solved

PH04192

On

Technical Support

Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site, or contact 1-800-IBM-SERV (U.S. only).

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"General","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0.0.8;9.0.0.9","Edition":"Advanced,Base,Developer,Enterprise,Express,Network Deployment,Single Server","Line of Business":{"code":"LOB15","label":"Integration"}}]

Document Information

Modified date:
20 November 2018

UID

ibm10741401