Severity
High
Analysis Summary
CVE-2021-20454
IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2021-20453
IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2021-20480
IBM WebSphere Application Server is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data.
Impact
- Information Theft
- Denial of Service
Affected Vendors
IBM
Affected Products
- IBM WebSphere Application Server 7.0
- IBM WebSphere Application Server 8.0
- IBM WebSphere Application Server 9.0
Remediation
Refer to the appropriate IBM Security Bulletin for the patch, upgrade, or suggested workaround information.