CVE-2021-42537
MEDIUM
VISAM VBASE 11.6.0.6 - XML External Entity Injection
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
References (1)
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_confirm
https://www.cisa.gov/uscert/ics/advisories/icsa-21-308-01
Scores
CVSS v3: 5.9
EPSS: 0.0041
EPSS Percentile: 32.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-611
Status: published
Products (1)
visam/vbase_web-remote 11.6.0.6
Published: Jul 27, 2022
Tracked Since: Feb 18, 2026