CVE-2021-21517

SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.

Source: CVE-2021-21517
