Vulnerability Description
The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Powerarchiver | Powerarchiver | < 20.10.02 |
Related Weaknesses (CWE)
References
- https://peterka.tech/blog/posts/cve-2021-28684/ (Exploit, Third Party Advisory)
- https://www.powerarchiver.com (Product)
FAQ
What is CVE-2021-28684?
CVE-2021-28684 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).
How severe is CVE-2021-28684?
CVE-2021-28684 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28684?
Check the references section above for vendor advisories and patch information. Affected products include: Powerarchiver Powerarchiver.