Vulnerabilities > CVE-2021-28973 - XXE vulnerability in Perforce Helix ALM 2020.3.1

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
perforce
CWE-611

Summary

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.

Vulnerable Configurations

Part Description Count
Application
Perforce
1