All the vulnerabilites related to Antenna House, Inc. - Office Server Document Converter
jvndb-2021-000095
Vulnerability from jvndb
Published
2021-10-28 15:03
Modified
2021-10-28 15:03
Severity ?
Summary
Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
Details
Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below.
* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838
Resource exhaustion in the PDF convert server may occur.
* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839
Massive access to the other servers may occur.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Antenna House, Inc. | Office Server Document Converter |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
"dc:date": "2021-10-28T15:03+09:00",
"dcterms:issued": "2021-10-28T15:03+09:00",
"dcterms:modified": "2021-10-28T15:03+09:00",
"description": "Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below. \r\n\r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838\r\nResource exhaustion in the PDF convert server may occur. \r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839\r\nMassive access to the other servers may occur.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
"sec:cpe": {
"#text": "cpe:/a:antennahouse:office_server_document_converter",
"@product": "Office Server Document Converter",
"@vendor": "Antenna House, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000095",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN33453839/index.html",
"@id": "JVN#33453839",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20838",
"@id": "CVE-2021-20838",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20839",
"@id": "CVE-2021-20839",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20838",
"@id": "CVE-2021-20838",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20839",
"@id": "CVE-2021-20839",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter"
}
cve-2021-20838
Vulnerability from cvelistv5
Published
2021-11-01 01:50
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.antenna.co.jp/news/2021/osdc72-20211027.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN33453839/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Antenna House, Inc. | Office Server Document Converter |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office Server Document Converter",
"vendor": "Antenna House, Inc.",
"versions": [
{
"status": "affected",
"version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T01:50:14",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office Server Document Converter",
"version": {
"version_data": [
{
"version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
}
]
},
"vendor_name": "Antenna House, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
"refsource": "MISC",
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"name": "https://jvn.jp/en/jp/JVN33453839/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20838",
"datePublished": "2021-11-01T01:50:14",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20839
Vulnerability from cvelistv5
Published
2021-11-01 01:50
Modified
2024-08-03 17:53
Severity ?
EPSS score ?
Summary
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.antenna.co.jp/news/2021/osdc72-20211027.html | x_refsource_MISC | |
| https://jvn.jp/en/jp/JVN33453839/index.html | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Antenna House, Inc. | Office Server Document Converter |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office Server Document Converter",
"vendor": "Antenna House, Inc.",
"versions": [
{
"status": "affected",
"version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T01:50:16",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office Server Document Converter",
"version": {
"version_data": [
{
"version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
}
]
},
"vendor_name": "Antenna House, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
"refsource": "MISC",
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"name": "https://jvn.jp/en/jp/JVN33453839/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20839",
"datePublished": "2021-11-01T01:50:16",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}