IBM WebSphere Application Server XML external entity injection
CVE-2023-27554

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server
Vendor: CVE Published:; 11 May 2023

What is CVE-2023-27554?

IBM WebSphere Application Server versions 8.5 and 9.0 are vulnerable to XML External Entity Injection, which allows remote attackers to exploit XML processing features. This vulnerability can lead to the exposure of sensitive information or excessive memory consumption, posing significant risks to server integrity and data security.

Affected Version(s)

WebSphere Application Server 8.5, 9.0

References

https://www.ibm.com/support/pages/node/6989451

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/249185

vdb-entry

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2023
Vulnerability Reserved
Mar 2, 2023