Vulnerabilities > CVE-2021-3541 - XML Entity Expansion vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2021-07-09

Updated: 2022-03-01

Summary

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Xmlsoft Xmlsoft Libxml2 - Xmlsoft Libxml2 1.7.0 Xmlsoft Libxml2 1.7.1 Xmlsoft Libxml2 1.7.2 Xmlsoft Libxml2 1.7.3 Xmlsoft Libxml2 1.7.4 Xmlsoft Libxml2 1.8.0 Xmlsoft Libxml2 1.8.1 Xmlsoft Libxml2 1.8.2 Xmlsoft Libxml2 1.8.3 Xmlsoft Libxml2 1.8.4 Xmlsoft Libxml2 1.8.5 Xmlsoft Libxml2 1.8.6 Xmlsoft Libxml2 1.8.7 Xmlsoft Libxml2 1.8.9 Xmlsoft Libxml2 1.8.10 Xmlsoft Libxml2 1.8.13 Xmlsoft Libxml2 1.8.14 Xmlsoft Libxml2 1.8.16 Xmlsoft Libxml2 2.0.0 Xmlsoft Libxml2 2.1.0 Xmlsoft Libxml2 2.1.1 Xmlsoft Libxml2 2.2.0 Xmlsoft Libxml2 2.2.1 Xmlsoft Libxml2 2.2.2 Xmlsoft Libxml2 2.2.3 Xmlsoft Libxml2 2.2.4 Xmlsoft Libxml2 2.2.5 Xmlsoft Libxml2 2.2.6 Xmlsoft Libxml2 2.2.7 Xmlsoft Libxml2 2.2.8 Xmlsoft Libxml2 2.2.9 Xmlsoft Libxml2 2.2.10 Xmlsoft Libxml2 2.2.11 Xmlsoft Libxml2 2.3.0 Xmlsoft Libxml2 2.3.1 Xmlsoft Libxml2 2.3.2 Xmlsoft Libxml2 2.3.3 Xmlsoft Libxml2 2.3.4 Xmlsoft Libxml2 2.3.5 Xmlsoft Libxml2 2.3.6 Xmlsoft Libxml2 2.3.7 Xmlsoft Libxml2 2.3.8 Xmlsoft Libxml2 2.3.9 Xmlsoft Libxml2 2.3.10 Xmlsoft Libxml2 2.3.11 Xmlsoft Libxml2 2.3.12 Xmlsoft Libxml2 2.3.13 Xmlsoft Libxml2 2.3.14 Xmlsoft Libxml2 2.4.1 Xmlsoft Libxml2 2.4.2 Xmlsoft Libxml2 2.4.3 Xmlsoft Libxml2 2.4.4 Xmlsoft Libxml2 2.4.5 Xmlsoft Libxml2 2.4.6 Xmlsoft Libxml2 2.4.7 Xmlsoft Libxml2 2.4.8 Xmlsoft Libxml2 2.4.9 Xmlsoft Libxml2 2.4.10 Xmlsoft Libxml2 2.4.11 Xmlsoft Libxml2 2.4.12 Xmlsoft Libxml2 2.4.13 Xmlsoft Libxml2 2.4.14 Xmlsoft Libxml2 2.4.15 Xmlsoft Libxml2 2.4.16 Xmlsoft Libxml2 2.4.17 Xmlsoft Libxml2 2.4.18 Xmlsoft Libxml2 2.4.19 Xmlsoft Libxml2 2.4.20 Xmlsoft Libxml2 2.4.21 Xmlsoft Libxml2 2.4.22 Xmlsoft Libxml2 2.4.23 Xmlsoft Libxml2 2.4.24 Xmlsoft Libxml2 2.4.25 Xmlsoft Libxml2 2.4.26 Xmlsoft Libxml2 2.4.27 Xmlsoft Libxml2 2.4.28 Xmlsoft Libxml2 2.4.29 Xmlsoft Libxml2 2.4.30 Xmlsoft Libxml2 2.5.0 Xmlsoft Libxml2 2.5.1 Xmlsoft Libxml2 2.5.2 Xmlsoft Libxml2 2.5.3 Xmlsoft Libxml2 2.5.4 Xmlsoft Libxml2 2.5.5 Xmlsoft Libxml2 2.5.6 Xmlsoft Libxml2 2.5.7 Xmlsoft Libxml2 2.5.8 Xmlsoft Libxml2 2.5.9 Xmlsoft Libxml2 2.5.10 Xmlsoft Libxml2 2.5.11 Xmlsoft Libxml2 2.6.0 Xmlsoft Libxml2 2.6.1 Xmlsoft Libxml2 2.6.2 Xmlsoft Libxml2 2.6.3 Xmlsoft Libxml2 2.6.4 Xmlsoft Libxml2 2.6.5 Xmlsoft Libxml2 2.6.6 Xmlsoft Libxml2 2.6.7 Xmlsoft Libxml2 2.6.8 Xmlsoft Libxml2 2.6.9 Xmlsoft Libxml2 2.6.10 Xmlsoft Libxml2 2.6.11 Xmlsoft Libxml2 2.6.12 Xmlsoft Libxml2 2.6.13 Xmlsoft Libxml2 2.6.14 Xmlsoft Libxml2 2.6.15 Xmlsoft Libxml2 2.6.16 Xmlsoft Libxml2 2.6.17 Xmlsoft Libxml2 2.6.18 Xmlsoft Libxml2 2.6.19 Xmlsoft Libxml2 2.6.20 Xmlsoft Libxml2 2.6.21 Xmlsoft Libxml2 2.6.22 Xmlsoft Libxml2 2.6.23 Xmlsoft Libxml2 2.6.24 Xmlsoft Libxml2 2.6.25 Xmlsoft Libxml2 2.6.26 Xmlsoft Libxml2 2.6.27 Xmlsoft Libxml2 2.6.28 Xmlsoft Libxml2 2.6.29 Xmlsoft Libxml2 2.6.30 Xmlsoft Libxml2 2.6.31 Xmlsoft Libxml2 2.6.32 Xmlsoft Libxml2 2.7.0 Xmlsoft Libxml2 2.7.1 Xmlsoft Libxml2 2.7.2 Xmlsoft Libxml2 2.7.3 Xmlsoft Libxml2 2.7.4 Xmlsoft Libxml2 2.7.5 Xmlsoft Libxml2 2.7.6 Xmlsoft Libxml2 2.7.7 Xmlsoft Libxml2 2.7.8 Xmlsoft Libxml2 2.8.0 Xmlsoft Libxml2 2.9.0 Xmlsoft Libxml2 2.9.1 Xmlsoft Libxml2 2.9.2 Xmlsoft Libxml2 2.9.3 Xmlsoft Libxml2 2.9.4 Xmlsoft Libxml2 2.9.5 Xmlsoft Libxml2 2.9.6 Xmlsoft Libxml2 2.9.7 Xmlsoft Libxml2 2.9.8 Xmlsoft Libxml2 2.9.9 Xmlsoft Libxml2 2.9.10	172
Application	Redhat Redhat Jboss Core Services -	1
Application	Oracle Oracle ZFS Storage Appliance KIT 8.8	1
Application	Netapp Netapp Cloud Backup - Netapp Snapdrive - Netapp Ontap Select Deploy Administration Utility - Netapp Clustered Data Ontap - Netapp SMI S Provider - Netapp Clustered Data Ontap Antivirus Connector - Netapp Active IQ Unified Manager - Netapp Manageability Software Development KIT -	8
OS	Netapp Netapp H410C Firmware - Netapp H300S Firmware - Netapp H500S Firmware - Netapp H700S Firmware - Netapp H300E Firmware - Netapp H500E Firmware - Netapp H700E Firmware - Netapp H410S Firmware -	8
Hardware	Netapp Netapp H410C - Netapp H300S - Netapp H500S - Netapp H700S - Netapp H300E - Netapp H500E - Netapp H700E - Netapp H410S -	8

Common Weakness Enumeration (CWE)

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References