CVE-2021-33950 - XXE vulnerability in OpenKM 6.3.10
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE

Summary
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/openkm/document-management-system/commit/ce1d82329615aea6aa9f2cc6508c1fe7891e34b5
- https://github.com/openkm/document-management-system/issues/287
- https://github.com/openkm/document-management-system/pull/288