CVE-2021-21517

Summary

SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.

Affected Software

VendorProductVersion RangeStatus
DellSRS Policy Managerunspecified < 7.0affected

Weaknesses

  • CWE-611: CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

ADP Enrichment

CVE Program Container

Additional References

References