First published: Wed Oct 13 2021(Updated: )
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Cybozu Remote Service Manager | =3.1.8 | |
Cybozu Remote Service Manager | =3.1.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-20801 is medium, with a severity value of 6.5.
CVE-2021-20801 affects Cybozu Remote Service Manager versions 3.1.8 to 3.1.9.
CVE-2021-20801 is a vulnerability that allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain stored information in Cybozu Remote Service Manager.
CVE-2021-20801 affects only Mozilla Firefox when using Cybozu Remote Service Manager.
To fix CVE-2021-20801, upgrade Cybozu Remote Service Manager to a version higher than 3.1.9.