CVE-2021-33813
Description
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.03
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-33813 are fixed in JDOM-jdom 2.0.6.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.8 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.22 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.9.0 | Windows |
| Vulnerabilities CVE-2021-33813,CVE-2022-42003,CVE-2022-42004 are affected in IBM Sterling B2B Integrator 6.1.0.6 | Windows |
| Vulnerabilities CVE-2021-33813 are affected in JDOM-jdom 2.0.2 | Windows |
| Vulnerabilities CVE-2021-33813 are fixed in Jdom - jdom2 2.0.6.1 | Windows |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-devel-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-docs-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-macros-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-source-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2021:2293-1(SUSE Linux Enterprise Module for Development Tools 15-SP3 ) jdom2-2.0.6-3.3.1.noarch.rpm | Linux |
| SUSE-SU-2024:1874-1(Development Tools Module 15-SP5) xom-1.3.9-150200.5.3.3.noarch.rpm | Linux |
| SUSE-SU-2024:1874-1(Development Tools Module 15-SP5) jdom-1.1.3-150200.12.8.2.noarch.rpm | Linux |
| SUSE-SU-2024:1874-1(Development Tools Module 15-SP5) dom4j-2.1.4-150200.12.10.2.noarch.rpm | Linux |
| SUSE-SU-2024:1874-1(Development Tools Module 15-SP5) jaxen-2.0.0-150200.5.3.1.noarch.rpm | Linux |
| SUSE-SU-2024:1874-1(Development Tools Module 15-SP5) junit-4.13.2-150200.3.15.2.noarch.rpm | Linux |
| SUSE-SU-2024:1874-1(Development Tools Module 15-SP5) hamcrest-2.2-150200.12.17.2.noarch.rpm | Linux |
| SUSE-SU-2024:1874-1(Basesystem Module 15-SP5) objectweb-asm-9.7-150200.3.15.2.noarch.rpm | Linux |
| jdom Security Update (ALAS-2023-014) jdom-1.1.3-30.amzn2023.0.3.noarch.rpm | Linux |
| jdom Security Update (ALAS-2023-014) jdom-demo-1.1.3-30.amzn2023.0.3.noarch.rpm | Linux |
| jdom Security Update (ALAS-2023-014) jdom-javadoc-1.1.3-30.amzn2023.0.3.noarch.rpm | Linux |
| jdom Security Update (ALAS-2023-2045) jdom-1.1.3-6.1.amzn2.0.1.noarch.rpm | Linux |
| jdom Security Update (ALAS-2023-2045) jdom-demo-1.1.3-6.1.amzn2.0.1.noarch.rpm | Linux |
| jdom Security Update (ALAS-2023-2045) jdom-javadoc-1.1.3-6.1.amzn2.0.1.noarch.rpm | Linux |
| Vulnerabilities CVE-2021-33813 are fixed in JDOM-jdom for Linux 2.0.6.1 | Linux |
| jdom Security Update (ALAS2-2023-2045) jdom-1.1.3-6.1.amzn2.0.1.noarch.rpm | Linux |
| jdom Security Update (ALAS2-2023-2045) jdom-demo-1.1.3-6.1.amzn2.0.1.noarch.rpm | Linux |
| jdom Security Update (ALAS2-2023-2045) jdom-javadoc-1.1.3-6.1.amzn2.0.1.noarch.rpm | Linux |
| jdom Security Update (ALAS2023-2023-014) jdom-1.1.3-30.amzn2023.0.3.noarch.rpm | Linux |
| jdom Security Update (ALAS2023-2023-014) jdom-demo-1.1.3-30.amzn2023.0.3.noarch.rpm | Linux |
| jdom Security Update (ALAS2023-2023-014) jdom-javadoc-1.1.3-30.amzn2023.0.3.noarch.rpm | Linux |
| Vulnerabilities CVE-2021-33813 are affected in JDOM-jdom for Linux 2.0.2 | Linux |
| Vulnerabilities CVE-2021-33813 are fixed in Jdom - jdom2 for Linux 2.0.6.1 | Linux |
| Improper Restriction of XML External Entity Reference Vulnerability (CVE-2021-33813) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234