CVE-2021-21470

LOW Year: 2021
CVSS v3 Score
3.6
Low
CVSS v2 Score
3.6
Low
Weakness Type
CWE-611
View all →

Vulnerability Description

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML configuration files. This occurs as logging service does not disable XML external entities when parsing configuration files and a successful exploit would result in limited impact on integrity and availability of the application.

Related Vulnerabilities

CVE-2020-26229

LOW
CVSS:3.7(Low)

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerabi...

CWE-6112020

CVE-2022-0861

LOW
CVSS:3.8(Low)

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension ...

CWE-6112022

CVE-2018-16252

LOW
CVSS:3.3(Low)

FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.

CWE-6112018

CVE-2020-12025

LOW
CVSS:3.3(Low)

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resourc...

CWE-6112020

CVE-2020-11885

MEDIUM
CVSS:4.0(Medium)

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded...

CWE-6112020

CVE-2025-29932

MEDIUM
CVSS:4.1(Medium)

In JetBrains GoLand before 2025.1 an XXE during debugging was possible

CWE-6112025