Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-23926

Опубликовано: 13 янв. 2021
Источник: redhat
CVSS3: 7.4
EPSS Низкий

Описание

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

A flaw was found when parsing XML files using XMLBeans 2.6.0 or below. The underlying parser created by XMLBeans could be susceptible to XML External Entity (XXE) attacks. The highest threat from this vulnerability is to confidentiality and system availability.

Меры по смягчению последствий

Affected users are advised to update to Apache XMLBeans 3.0.0 or above, which fixes this vulnerability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat BPM Suite 6xmlbeansOut of support scope
Red Hat CodeReady Studio 12xmlbeansAffected
Red Hat Decision Manager 7xmlbeansNot affected
Red Hat Integration Camel K 1xmlbeansNot affected
Red Hat JBoss BRMS 6xmlbeansOut of support scope
Red Hat JBoss Data Virtualization 6xmlbeansOut of support scope
Red Hat JBoss Enterprise Application Platform 7xmlbeansNot affected
Red Hat JBoss Fuse 6xmlbeansAffected
Red Hat JBoss Fuse Service Works 6xmlbeansOut of support scope
Red Hat JBoss SOA Platform 5xmlbeansOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-776
https://bugzilla.redhat.com/show_bug.cgi?id=1922102xmlbeans: allowed malicious XML input may lead to XML Entity Expansion attack

EPSS

Процентиль: 55%
0.00322
Низкий

7.4 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-23926

CVSS3: 9.1
ubuntu
около 5 лет назад

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

nvd логотип

CVE-2021-23926

CVSS3: 9.1
nvd
около 5 лет назад

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

debian логотип

CVE-2021-23926

CVSS3: 9.1
debian
около 5 лет назад

The XML parsers used by XMLBeans up to version 2.6.0 did not set the p ...

suse-cvrf логотип

SUSE-SU-2022:3876-1

suse-cvrf
больше 3 лет назад

Security update for xmlbeans

suse-cvrf логотип

SUSE-SU-2022:3875-1

suse-cvrf
больше 3 лет назад

Security update for xmlbeans

EPSS

Процентиль: 55%
0.00322
Низкий

7.4 High

CVSS3