jvndb-2021-000095
Vulnerability from jvndb
Published
2021-10-28 15:03
Modified
2021-10-28 15:03
Severity ?
Summary
Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
Details
Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below.
* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838
Resource exhaustion in the PDF convert server may occur.
* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839
Massive access to the other servers may occur.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Antenna House, Inc. | Office Server Document Converter |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
"dc:date": "2021-10-28T15:03+09:00",
"dcterms:issued": "2021-10-28T15:03+09:00",
"dcterms:modified": "2021-10-28T15:03+09:00",
"description": "Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below. \r\n\r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838\r\nResource exhaustion in the PDF convert server may occur. \r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839\r\nMassive access to the other servers may occur.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
"sec:cpe": {
"#text": "cpe:/a:antennahouse:office_server_document_converter",
"@product": "Office Server Document Converter",
"@vendor": "Antenna House, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000095",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN33453839/index.html",
"@id": "JVN#33453839",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20838",
"@id": "CVE-2021-20838",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20839",
"@id": "CVE-2021-20839",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20838",
"@id": "CVE-2021-20838",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20839",
"@id": "CVE-2021-20839",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.