CVE-2021-21517
7.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
Summary
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell | SRS Policy Manager | unspecified < 7.0 | affected |
Weaknesses
- CWE-611: CWE-611: Improper Restriction of XML External Entity Reference ('XXE')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.