CVE-2021-27777

HIGH

XML Parser - XXE Injection

Title source: llm

Description

XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.

References (1)

[Vendor Advisory] https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0097124

Scores

CVSS v3 7.5

EPSS 0.0030

EPSS Percentile 53.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-611 CWE-91

Status published

Products (1)

hcltech/unica < 12.1.1

Published May 12, 2022

Tracked Since Feb 18, 2026