CVE-2021-20839

EPSS 0.42%
Published 01.11.2021 02:15:06
Last modified 21.11.2024 05:47:15
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Antennahouse ≫ Office Server Document Converter Version < 5.2

Antennahouse ≫ Office Server Document Converter Version5.2 Update-

Antennahouse ≫ Office Server Document Converter Version6.0 Update-

Antennahouse ≫ Office Server Document Converter Version6.0 Updatemr1

Antennahouse ≫ Office Server Document Converter Version6.0 Updatemr2

Antennahouse ≫ Office Server Document Converter Version6.1 Update-

Antennahouse ≫ Office Server Document Converter Version6.1 Updatemr2

Antennahouse ≫ Office Server Document Converter Version6.1 Updatemr2 SwEditionpro

Antennahouse ≫ Office Server Document Converter Version6.1 Updatemr3

Antennahouse ≫ Office Server Document Converter Version6.1 Updatemr4

Antennahouse ≫ Office Server Document Converter Version7.0

Antennahouse ≫ Office Server Document Converter Version7.0 Updatemr1

Antennahouse ≫ Office Server Document Converter Version7.0 Updatemr2

Antennahouse ≫ Office Server Document Converter Version7.0 Updatemr3

Antennahouse ≫ Office Server Document Converter Version7.1 Update-

Antennahouse ≫ Office Server Document Converter Version7.1 Updatemr1

Antennahouse ≫ Office Server Document Converter Version7.1 Updatemr2

Antennahouse ≫ Office Server Document Converter Version7.1 Updatemr3

Antennahouse ≫ Office Server Document Converter Version7.2

Antennahouse ≫ Office Server Document Converter Version7.2 Updatemr1

Antennahouse ≫ Office Server Document Converter Version7.2 Updatemr2

Antennahouse ≫ Office Server Document Converter Version7.2 Updatemr3

Antennahouse ≫ Office Server Document Converter Version7.2 Updatemr4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.42%	0.59

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://jvn.jp/en/jp/JVN33453839/index.html

Third Party Advisory

https://www.antenna.co.jp/news/2021/osdc72-20211027.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-20839

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20839

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20839

EUVD