Vulnerabilities > CVE-2021-33208 - XXE vulnerability in Softwareag Mashzone Nextgen 10.7

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

softwareag

CWE-611

NVD

Published: 2022-03-30

Updated: 2022-04-05

Summary

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.

Vulnerable Configurations

Part	Description	Count
Application	Softwareag Softwareag Mashzone Nextgen - Softwareag Mashzone Nextgen 10.7	2

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://github.com/blackarrowsec/advisories/tree/master/2021/CVE-2021-33208
https://www.softwareag.com/corporate/products/az/mashzone_nextgen/default