Design/Logic Flaw

2021-05-1812:15:00

PRIOn knowledge base

www.prio-n.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.4%

JSON

There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

CPENameOperatorVersion
debian_linuxeq9.0
fedoraeq33
fedoraeq34
communications_cloud_native_core_network_function_cloud_native_environmenteq1.10.0
enterprise_manager_base_platformeq13.4.0.0
enterprise_manager_base_platformeq13.5.0.0
enterprise_manager_ops_centereq12.4.0.0
mysql_workbenchle8.0.26
peoplesoft_enterprise_peopletoolseq8.58
real_user_experience_insighteq13.4.1.0

Name	Operator	Version
debian_linux	eq	9.0
fedora	eq	33
fedora	eq	34
communications_cloud_native_core_network_function_cloud_native_environment	eq	1.10.0
enterprise_manager_base_platform	eq	13.4.0.0
enterprise_manager_base_platform	eq	13.5.0.0
enterprise_manager_ops_center	eq	12.4.0.0
mysql_workbench	le	8.0.26
peoplesoft_enterprise_peopletools	eq	8.58
real_user_experience_insight	eq	13.4.1.0