9.1
CVE-2021-23926
- EPSS 0.32%
- Veröffentlicht 14.01.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 05:52:03
- Quelle security@apache.org
- Teams Watchlist Login
- Unerledigt Login
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netapp ≫ Oncommand Unified Manager Core Package Version-
Netapp ≫ Snap Creator Framework Version-
Netapp ≫ Snapmanager Version- SwPlatformoracle
Netapp ≫ Snapmanager Version- SwPlatformsap
Debian ≫ Debian Linux Version9.0
Oracle ≫ Middleware Common Libraries And Tools Version12.2.1.3.0
Oracle ≫ Middleware Common Libraries And Tools Version12.2.1.4.0
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.521 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:P
|
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.