CVE-2021-22498
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
40.9%
XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microfocus | application_lifecycle_management | * | cpe:2.3:a:microfocus:application_lifecycle_management:*:*:*:*:*:*:*:* |
| microfocus | application_lifecycle_management | 12.60 | cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch1:*:*:*:*:*:* |
| microfocus | application_lifecycle_management | 12.60 | cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch2:*:*:*:*:*:* |
| microfocus | application_lifecycle_management | 12.60 | cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch3:*:*:*:*:*:* |
| microfocus | application_lifecycle_management | 12.60 | cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch4:*:*:*:*:*:* |
| microfocus | application_lifecycle_management | 12.60 | cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch5:*:*:*:*:*:* |
| microfocus | application_lifecycle_management | 15.0.1 | cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch1:*:*:*:*:*:* |
| microfocus | application_lifecycle_management | 15.0.1 | cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch2:*:*:*:*:*:* |
| microfocus | application_lifecycle_management | 15.5 | cpe:2.3:a:microfocus:application_lifecycle_management:15.5:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
40.9%