CVE-2021-20839

EPSS 0.42%
Veröffentlicht 01.11.2021 02:15:06
Zuletzt bearbeitet 21.11.2024 05:47:15
Quelle vultures@jpcert.or.jp
Teams Watchlist Login
Unerledigt Login

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Antennahouse ≫ Office Server Document Converter Version < 5.2

Antennahouse ≫ Office Server Document Converter Version5.2 Update-

Antennahouse ≫ Office Server Document Converter Version6.0 Update-

Antennahouse ≫ Office Server Document Converter Version6.0 Updatemr1

Antennahouse ≫ Office Server Document Converter Version6.0 Updatemr2

Antennahouse ≫ Office Server Document Converter Version6.1 Update-

Antennahouse ≫ Office Server Document Converter Version6.1 Updatemr2

Antennahouse ≫ Office Server Document Converter Version6.1 Updatemr2 SwEditionpro

Antennahouse ≫ Office Server Document Converter Version6.1 Updatemr3

Antennahouse ≫ Office Server Document Converter Version6.1 Updatemr4

Antennahouse ≫ Office Server Document Converter Version7.0

Antennahouse ≫ Office Server Document Converter Version7.0 Updatemr1

Antennahouse ≫ Office Server Document Converter Version7.0 Updatemr2

Antennahouse ≫ Office Server Document Converter Version7.0 Updatemr3

Antennahouse ≫ Office Server Document Converter Version7.1 Update-

Antennahouse ≫ Office Server Document Converter Version7.1 Updatemr1

Antennahouse ≫ Office Server Document Converter Version7.1 Updatemr2

Antennahouse ≫ Office Server Document Converter Version7.1 Updatemr3

Antennahouse ≫ Office Server Document Converter Version7.2

Antennahouse ≫ Office Server Document Converter Version7.2 Updatemr1

Antennahouse ≫ Office Server Document Converter Version7.2 Updatemr2

Antennahouse ≫ Office Server Document Converter Version7.2 Updatemr3

Antennahouse ≫ Office Server Document Converter Version7.2 Updatemr4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.59

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://jvn.jp/en/jp/JVN33453839/index.html

Third Party Advisory

https://www.antenna.co.jp/news/2021/osdc72-20211027.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-20839

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20839

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20839

EUVD