6.5
CVE-2021-3541
- EPSS 0.07%
- Published 09.07.2021 17:15:07
- Last modified 21.11.2024 06:21:48
- Source secalert@redhat.com
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Jboss Core Services, Version: -
Oracle ≫ Zfs Storage Appliance Kit, Version: 8.8
Netapp ≫ Active Iq Unified Manager, Version: -, SwPlatform: vmware_vsphere
Netapp ≫ Cloud Backup, Version: -
Netapp ≫ Clustered Data Ontap, Version: -
Netapp ≫ Clustered Data Ontap Antivirus Connector, Version: -
Netapp ≫ Manageability Software Development Kit, Version: -
Netapp ≫ Ontap Select Deploy Administration Utility, Version: -
Netapp ≫ Smi-s Provider, Version: -
Netapp ≫ H410c Firmware, Version: -
Netapp ≫ H300s Firmware, Version: -
Netapp ≫ H500s Firmware, Version: -
Netapp ≫ H700s Firmware, Version: -
Netapp ≫ H300e Firmware, Version: -
Netapp ≫ H500e Firmware, Version: -
Netapp ≫ H700e Firmware, Version: -
Netapp ≫ H410s Firmware, Version: -
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.07% | 0.208 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:N/I:N/A:P |
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.