Home

CVE-2021-23926

Description

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.322

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-23926 are fixed in Apache-xmlbeans 3.0.0Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 11.0.1Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3Windows
Multiple Vulnerabilities are affected in IBM Security Verify Directory Integrator 7.2.0Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0Windows
Vulnerabilities CVE-2021-23926 are fixed in Apache-xmlbeans for Linux 3.0.0Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234