CVE-2021-28973: XEE
First published: Tue Apr 13 2021(Updated: )
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Perforce Helix ALM | =2020.3.1-build_22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-28973.
What is the severity of CVE-2021-28973?
The severity of CVE-2021-28973 is medium with a severity value of 4.9.
What is the affected software for CVE-2021-28973?
The affected software for CVE-2021-28973 is Perforce Helix ALM 2020.3.1 Build 22.
What is the CWE ID for CVE-2021-28973?
The CWE ID for CVE-2021-28973 is CWE-611.
How do I fix CVE-2021-28973?
To fix CVE-2021-28973, update Perforce Helix ALM to a version that is not affected by this vulnerability.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/perforce
- canonical/perforce helix alm
- version/perforce helix alm/2020.3.1-build_22