CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-23926

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.6%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 6.4

References

Products affected by CVE-2021-23926

Apache » Xmlbeans » Version: 2.6.0

cpe:2.3:a:apache:xmlbeans:2.6.0
Netapp » Oncommand Unified Manager Core Package » Version: N/A

cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-
Netapp » Snap Creator Framework » Version: N/A

cpe:2.3:a:netapp:snap_creator_framework:-
Netapp » Snapmanager » Version: N/A

cpe:2.3:a:netapp:snapmanager:-
Oracle » Middleware Common Libraries And Tools » Version: 12.2.1.3.0

cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0
Oracle » Middleware Common Libraries And Tools » Version: 12.2.1.4.0

cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.57

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.58

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.59

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-23926

Products

Pricing

Contact Us