Vulnerability Details CVE-2021-22498
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.6%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.5
References
Products affected by CVE-2021-22498
-
cpe:2.3:a:microfocus:application_lifecycle_management:12.50
-
cpe:2.3:a:microfocus:application_lifecycle_management:12.60
-
cpe:2.3:a:microfocus:application_lifecycle_management:15.0.0
-
cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1
-
cpe:2.3:a:microfocus:application_lifecycle_management:15.5