Vulnerabilities > CVE-2021-28684 - XXE vulnerability in Powerarchiver

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

powerarchiver

CWE-611

NVD

Published: 2021-06-21

Updated: 2021-06-23

Summary

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).

Vulnerable Configurations

Part	Description	Count
Application	Powerarchiver Powerarchiver Powerarchiver 14.00 Powerarchiver Powerarchiver 14.01 Powerarchiver Powerarchiver 14.02 Powerarchiver Powerarchiver 14.02.03 Powerarchiver Powerarchiver 14.02.05	5

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://peterka.tech/blog/posts/cve-2021-28684/
https://www.powerarchiver.com