Severity
High
Analysis Summary
CVE-2021-20454
IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2021-20453
IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2021-20480
IBM WebSphere Application Server is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data.
Impact
- Information Theft
- Denial of Service
Affected Vendors
IBM
Affected Products
- IBM WebSphere Application Server 7.0
- IBM WebSphere Application Server 8.0
- IBM WebSphere Application Server 9.0
Remediation
Refer to the appropriate IBM Security Bulletin for the patch, upgrade, or suggested workaround information.