VDB
CVE-2020-4643
CVE-2020-4643
PUBLISHED
CVSS 7.5 HIGH
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.
EPSS 0.34% · 57.3th percentile
Risk Scores
CVSS 3.0
7.5
CVSS:3.0/C:H/AV:N/AC:L/S:U/A:N/UI:N/I:N/PR:N/RL:O/E:U/RC:C
EPSS Score
0.34%
57.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | WebSphere | |
| IBM | WebSphere Application Server | 8.5, 9.0, 7.0 |
| ibm | websphere_application_server | 7.0.0.0, 8.5.0.0, 9.0.0.0 |
Exploit Intelligence
Timeline
- Sep 21, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://www.ibm.com/support/pages/node/6334311 url
- ibm-websphere-cve20204643-xxe (185590) vdb
- https://www.ibm.com/support/pages/node/6351367 advisory
- https://www.ibm.com/support/pages/node/6351365 advisory
- https://www.ibm.com/support/pages/node/6351391 advisory
- https://www.ibm.com/support/pages/node/6351443 advisory
- https://www.ibm.com/support/pages/node/6458177 advisory
- https://www.ibm.com/support/pages/node/6458183 advisory
- https://www.ibm.com/support/pages/node/6458075 advisory
- https://www.ibm.com/support/pages/node/6458159 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-4643 advisory