CVE-2021-3541

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 09-07-2021 07:15

Last modified: - 01-03-2022 07:25

Total changes: - 5

Description

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

6.5

Base score

2.8

3.6

Exploitability score

Impact score

Verification logic

vendor=xmlsoft AND product=libxml2 AND versionEndExcluding=2.9.11

vendor=Red Hat Enterprise Linux AND product=jboss_core_services AND version=-

vendor=oracle AND product=zfs_storage_appliance_kit AND version=8.8

vendor=netapp AND product=active_iq_unified_manager AND version=- AND target_software=vmware_vsphere

vendor=netapp AND product=cloud_backup AND version=-

vendor=netapp AND product=clustered_data_ontap AND version=-

vendor=netapp AND product=clustered_data_ontap_antivirus_connector AND version=-

vendor=netapp AND product=manageability_software_development_kit AND version=-

vendor=netapp AND product=ontap_select_deploy_administration_utility AND version=-

vendor=netapp AND product=smi-s_provider AND version=-

vendor=netapp AND product=snapdrive AND version=- AND target_software=unix

AND

vendor=netapp AND product=h410c_firmware AND version=-

vendor=netapp AND product=h410c AND version=-

AND

vendor=netapp AND product=h300s_firmware AND version=-

vendor=netapp AND product=h300s AND version=-

AND

vendor=netapp AND product=h500s_firmware AND version=-

vendor=netapp AND product=h500s AND version=-

AND

vendor=netapp AND product=h700s_firmware AND version=-

vendor=netapp AND product=h700s AND version=-

AND

vendor=netapp AND product=h300e_firmware AND version=-

vendor=netapp AND product=h300e AND version=-

AND

vendor=netapp AND product=h500e_firmware AND version=-

vendor=netapp AND product=h500e AND version=-

AND

vendor=netapp AND product=h700e_firmware AND version=-

vendor=netapp AND product=h700e AND version=-

AND

vendor=netapp AND product=h410s_firmware AND version=-

vendor=netapp AND product=h410s AND version=-

Reference

Keywords

CVE-2021-3541

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-3541

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures