CVE-2021-42537: VISAM VBASE Editor Improper Restriction of XML
First published: Wed Jul 27 2022(Updated: )
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Visam Vbase Web-remote | =11.6.0.6 | |
| VISAM VBASE Pro-RT/ Server-RT (Web Remote) | =11.6.0.6 |
Remedy
VISAM recommends users update to VBASE v11.7.0.2 or later. Users may obtain a download link by submitting a request form. For more information, please contact VISAM using the information provided on the company contact page.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/author
- agent/weakness
- agent/references
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/title
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/visam
- canonical/visam vbase web-remote
- version/visam vbase web-remote/11.6.0.6
- canonical/visam vbase pro-rt/ server-rt (web remote)
- version/visam vbase pro-rt/ server-rt (web remote)/11.6.0.6