CVE-2021-27777: HCL Unica Platform is vulnerable to XML External Entity (XXE) injection
First published: Sun Apr 10 2022(Updated: )
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Unica | <12.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this XXE injection vulnerability?
The vulnerability ID is CVE-2021-27777.
What is an XML External Entity (XXE) injection vulnerability?
An XML External Entity (XXE) injection vulnerability occurs when poorly configured XML parsers process user supplied input without sufficient validation, allowing attackers to manipulate XML content and inject malicious external entity references.
How can attackers exploit this XXE injection vulnerability?
Attackers can exploit this vulnerability by manipulating XML content and injecting malicious external entity references.
Which version of Hcltech Unica is affected by this XXE injection vulnerability?
The vulnerability affects versions up to and excluding 12.1.1 of Hcltech Unica.
What is the severity rating of CVE-2021-27777 XXE injection vulnerability?
The severity rating of CVE-2021-27777 XXE injection vulnerability is high, with a severity value of 7.5.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/hcltech
- canonical/hcltech unica