CVE-2021-20801

MEDIUM

Cybozu Remote Service 3.1.8-3.1.9 - Authenticated XML External Entity Injection

Title source: llm
STIX 2.1

Description

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN52694228/index.html
Vendor Advisory x_refsource_misc
https://kb.cybozu.support/article/37423

Scores

CVSS v3 6.5
EPSS 0.0049
EPSS Percentile 65.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-611
Status published
Products (2)
cybozu/remote_service_manager 3.1.8
cybozu/remote_service_manager 3.1.9
Published Oct 13, 2021
Tracked Since Feb 18, 2026