CVE-2021-33208

Опубликовано: 30 мар. 2022

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.

Ссылки

https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208
Third Party Advisory
https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default
Product
Vendor Advisory
https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208
Third Party Advisory
https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softwareag:mashzone_nextgen:*:*:*:*:*:*:*:*

Версия до 10.7 (включая)

EPSS

Процентиль: 76%

0.00941

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-p9j3-8mpg-p3pf