CVE-2021-40690
CVSS v3.1: 7.5 (High)
CVSS v2.0: 5 (Medium)
EPSS: 0.11 % (44th)
Affected Products: 18
Advisories: 3
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
Weaknesses
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CVE Status: PUBLISHED
- CNA: Apache Software Foundation
- Published Date: 2021-09-19 18:15:07 (3 years ago)
- Updated Date: 2023-11-07 03:38:37 (10 months ago)
Affected Products
- Agile Plm
- Commerce Guided Search
- Commerce Platform
- Communications Diameter Intelligence Hub
- Communications Messaging Server
- Flexcube Private Banking
- Outside In Technology
- Peoplesoft Enterprise Peopletools
- Retail Bulk Data Integration
- Retail Financial Integration
- Retail Integration Bus
- Retail Merchandising System
- Retail Service Backbone
- Weblogic Server