CVE-2021-3312: XEE
First published: Fri Oct 08 2021(Updated: )
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alkacon OpenCMS | =11.0 | |
| Alkacon OpenCMS | =11.0.1 | |
| Alkacon OpenCMS | =11.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability in Alkacon OpenCms?
The vulnerability ID is CVE-2021-3312.
What is the severity level of CVE-2021-3312?
The severity level of CVE-2021-3312 is medium with a CVSS score of 6.5.
Which versions of Alkacon OpenCms are affected by CVE-2021-3312?
Alkacon OpenCms versions 11.0, 11.0.1, and 11.0.2 are affected by CVE-2021-3312.
How does CVE-2021-3312 impact the server?
CVE-2021-3312 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.
Is there a fix available for CVE-2021-3312?
Yes, you can find the fix for CVE-2021-3312 in the official Alkacon OpenCms releases.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/alkacon
- canonical/alkacon opencms
- version/alkacon opencms/11.0
- version/alkacon opencms/11.0.1
- version/alkacon opencms/11.0.2