1. Home
  2. Vulnerabilities
  3. CVE-2021-38555

CVE-2021-38555

CVSS v3.1 9.1 (Critical)
91% Progress
CVSS v2.0 6.4 (Medium)
64% Progress
EPSS 0.14 % (51th)
0.14% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access.

Weaknesses
CWE-611
Improper Restriction of XML External Entity Reference
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2021-09-11 11:15:08
(3 years ago)
Updated Date
2021-09-23 15:49:23
(3 years ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Any23 prior 2.5 version cpe:2.3:a:apache:any23 < 2.5