Lucene search

[email protected]CVE-2021-20839

HistoryNov 01, 2021 - 2:15 a.m.

CVE-2021-20839

2021-11-0102:15:00

CWE-611

[email protected]

web.nvd.nist.gov

cve-2021-20839

office server

document converter

xxe attack

denial of service

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

58.4%

JSON

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.

CPENameOperatorVersion
antennahouse:office_server_document_converterantennahouse office server document convertereq6.1
antennahouse:office_server_document_converterantennahouse office server document convertereq7.1
antennahouse:office_server_document_converterantennahouse office server document convertereq7.2
antennahouse:office_server_document_converterantennahouse office server document convertereq6.0
antennahouse:office_server_document_converterantennahouse office server document convertereq7.0
antennahouse:office_server_document_converterantennahouse office server document convertereq5.2

CPE	Name	Operator	Version
antennahouse:office_server_document_converter	antennahouse office server document converter	eq	6.1
antennahouse:office_server_document_converter	antennahouse office server document converter	eq	7.1
antennahouse:office_server_document_converter	antennahouse office server document converter	eq	7.2
antennahouse:office_server_document_converter	antennahouse office server document converter	eq	6.0
antennahouse:office_server_document_converter	antennahouse office server document converter	eq	7.0
antennahouse:office_server_document_converter	antennahouse office server document converter	eq	5.2

References

jvn.jp/en/jp/JVN33453839/index.html

www.antenna.co.jp/news/2021/osdc72-20211027.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

58.4%

JSON

Related for CVE-2021-20839

prion1 cvelist1 jvn1