CVE-2021-21517
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.
Timeline
- 2021-01-04 CVE Reserved
- 2021-03-01 CVE Published
- 2024-02-29 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dell | Emc Srs Policy Manager | 6.6 | - | Affected |
Dell | Emc Srs Policy Manager | 6.8.3 | - | Affected |
Dell | Emc Srs Policy Manager | 6.9.0 | - | Affected |