IBM WebSphere Application Server 9.0.0.x < 18.104.22.168 XML External Entity Injection (XXE) Vulnerability (CVE-2018-1905)
Medium Nessus Plugin ID 119680
SynopsisThe remote web application server is affected by an XML external entity injection vulnerability.
DescriptionThe IBM WebSphere Application Server running on the remote host is version 9.0.0.x prior to 22.214.171.124. It is, therefore, affected by an XML external entity (XXE) vulnerability due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. An authenticated, remote attacker can exploit this, via specially crafted XML data, to disclose sensitive information.
SolutionUpgrade to IBM WebSphere Application Server 126.96.36.199 or later.
Alternatively, upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH04192.