How severe is CVE-2021-27635?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2021-27635?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2021-27635

CRITICAL Year: 2021

CVSS v3 Score

9.0

Critical

CVSS v2 Score

5.5

Medium

Weakness Type

CWE-611

View all →

Vulnerability Description

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation, this vulnerability enables attacker to fully compromise confidentiality by allowing them to read any file on the filesystem or fully compromise availability by causing the system to crash. The attack cannot be used to change any data so that there is no compromise as to integrity.

CVE-2016-10127

CRITICAL

CVSS:9.0(Critical)

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.

CWE-6112016

CVE-2018-1000828

CRITICAL

CVSS:9.0(Critical)

FrostWire version <= frostwire-desktop-6.7.4-build-272 contains a XML External Entity (XXE) vulnerability in Man in the middle on update that can result in Disclosure of confidential data, denial of s...

CWE-6112018

CVE-2018-1000829

CRITICAL

CVSS:9.0(Critical)

Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SS...

CWE-6112018

CVE-2018-1000834

CRITICAL

CVSS:9.0(Critical)

runelite version <= runelite-parent-1.4.23 contains a XML External Entity (XXE) vulnerability in Man in the middle runscape services call that can result in Disclosure of confidential data, denial of ...

CWE-6112018

CVE-2018-1000836

CRITICAL

CVSS:9.0(Critical)

bw-calendar-engine version <= bw-calendar-engine-3.12.0 contains a XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in Disclosure of confidential data, denial of s...

CWE-6112018

CVE-2012-2239

CRITICAL

CVSS:9.1(Critical)

Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading...

CWE-6112012

CVE-2021-27635

Vulnerability Description

Related Vulnerabilities

CVE-2016-10127

CVE-2018-1000828

CVE-2018-1000829

CVE-2018-1000834

CVE-2018-1000836

CVE-2012-2239