CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27736

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.7%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

Products affected by CVE-2021-27736

Fusionauth » Saml V2 » Version: N/A

cpe:2.3:a:fusionauth:saml_v2:-
Fusionauth » Saml V2 » Version: 0.1.0

cpe:2.3:a:fusionauth:saml_v2:0.1.0
Fusionauth » Saml V2 » Version: 0.2.0

cpe:2.3:a:fusionauth:saml_v2:0.2.0
Fusionauth » Saml V2 » Version: 0.2.1

cpe:2.3:a:fusionauth:saml_v2:0.2.1
Fusionauth » Saml V2 » Version: 0.2.2

cpe:2.3:a:fusionauth:saml_v2:0.2.2
Fusionauth » Saml V2 » Version: 0.2.3

cpe:2.3:a:fusionauth:saml_v2:0.2.3
Fusionauth » Saml V2 » Version: 0.2.4

cpe:2.3:a:fusionauth:saml_v2:0.2.4
Fusionauth » Saml V2 » Version: 0.3.0

cpe:2.3:a:fusionauth:saml_v2:0.3.0
Fusionauth » Saml V2 » Version: 0.3.1

cpe:2.3:a:fusionauth:saml_v2:0.3.1
Fusionauth » Saml V2 » Version: 0.3.2

cpe:2.3:a:fusionauth:saml_v2:0.3.2
Fusionauth » Saml V2 » Version: 0.3.3

cpe:2.3:a:fusionauth:saml_v2:0.3.3
Fusionauth » Saml V2 » Version: 0.3.4

cpe:2.3:a:fusionauth:saml_v2:0.3.4
Fusionauth » Saml V2 » Version: 0.3.5

cpe:2.3:a:fusionauth:saml_v2:0.3.5
Fusionauth » Saml V2 » Version: 0.4.0

cpe:2.3:a:fusionauth:saml_v2:0.4.0
Fusionauth » Saml V2 » Version: 0.5.0

cpe:2.3:a:fusionauth:saml_v2:0.5.0
Fusionauth » Saml V2 » Version: 0.5.1

cpe:2.3:a:fusionauth:saml_v2:0.5.1
Fusionauth » Saml V2 » Version: 0.5.2

cpe:2.3:a:fusionauth:saml_v2:0.5.2
Fusionauth » Saml V2 » Version: 0.5.3

cpe:2.3:a:fusionauth:saml_v2:0.5.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-27736

Products

Pricing

Contact Us