CVE-2021-33208

Published: Mar 30, 2022Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.

Affected (1)

Products: Softwareag: Mashzone Nextgen

Softwareag

1 product

Mashzone Nextgen

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Softwareag Mashzone Nextgen	Up to 10.7

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208

Source: cve@mitre.org

Third Party Advisory

https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default

Source: cve@mitre.org

ProductVendor Advisory

https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.