Vulnerability Description
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | EMC SRS Policy Manager | 6.6 |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000183576/dsa-2021-045-dell-emc-srs-pol (Vendor Advisory)
FAQ
What is CVE-2021-21517?
CVE-2021-21517 is a vulnerability with a CVSS score of 7.2 (HIGH). SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A rem...
How severe is CVE-2021-21517?
CVE-2021-21517 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-21517?
Check the references section above for vendor advisories and patch information. Affected products include: Dell EMC SRS Policy Manager.