CVE-2021-27777

Summary

XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.

Affected Software

VendorProductVersion RangeStatus
HCL SoftwareHCL Unica12 and belowaffected

Weaknesses

  • CWE-91: CWE-91 XML Injection (aka Blind XPath Injection)

ADP Enrichment

CVE Program Container

Additional References

References