First published: Wed Jan 12 2022
An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameters when generating a PDF document. These SVG documents are parsed in an unsafe manner and can be leveraged for XXE attacks (e.g., File Exfiltration, Server Side Request Forgery, Out of Band Exfiltration, etc.).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MITRE CALDERA | = 2.9.0 | |
CVE-2021-42560 is a vulnerability discovered in CALDERA 2.9.0 that allows for XXE attacks through unsafe XML parsing in the Debrief plugin.
CVE-2021-42560 has a severity rating of 8.8, which is considered high.
CVE-2021-42560 affects CALDERA 2.9.0 by allowing attackers to perform XXE attacks through the Debrief plugin's unsafe XML parsing.
To fix CVE-2021-42560, it is recommended to update CALDERA to a version that includes the necessary security patches.
XXE (XML External Entity) injection is an attack against XML parsers that process entity declarations in untrusted input: by declaring an entity that points at a file or URL, an attacker can make the server read sensitive data, reach internal services, or exfiltrate data out of band.
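The mitigation for this class of bug is to parse the decoded SVG with a parser that refuses DTDs outright, so entity declarations never reach a resolver. The following is an added example (not CALDERA's or the Debrief plugin's own code) using Python's standard-library expat bindings; the function names, the `is_safe_svg` policy of requiring an `<svg>` root, and the two sample inputs are assumptions constructed for illustration.

```python
import base64
import binascii
import xml.parsers.expat as expat

class UnsafeSvgError(ValueError):
    """Input is malformed or uses XXE-enabling constructs."""

def parse_svg_b64(svg_b64: str) -> str:
    """Decode a base64 SVG parameter and parse it with DTDs disallowed.
    A DOCTYPE aborts the parse before any entity could be resolved, so no
    file or URL is ever fetched. Returns the root element name on success."""
    try:
        raw = base64.b64decode(svg_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise UnsafeSvgError(f"not valid base64: {exc}") from exc
    names = []  # element names in document order; names[0] is the root

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeSvgError("DOCTYPE is not allowed in SVG input")

    def reject_entity(*decl):  # defence in depth; unreachable past DOCTYPE
        raise UnsafeSvgError("entity declarations are not allowed")

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = lambda *a: 0  # 0 = fail, never fetch
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    try:
        parser.Parse(raw, True)
    except expat.ExpatError as exc:
        raise UnsafeSvgError(f"malformed SVG: {exc}") from exc
    return names[0]

def is_safe_svg(svg_b64: str) -> bool:
    """True only if the input parses under the strict policy with an <svg> root."""
    try:
        return parse_svg_b64(svg_b64) == "svg"
    except UnsafeSvgError:
        return False

# Constructed samples (not from the advisory): a benign SVG, and one whose
# DOCTYPE declares an external entity, the shape an XXE payload takes.
SAFE_SVG_B64 = base64.b64encode(b'<svg xmlns="http://www.w3.org/2000/svg"/>').decode()
ENTITY_SVG_B64 = base64.b64encode(
    b'<!DOCTYPE svg [<!ENTITY ext SYSTEM "file:///placeholder">]><svg>&ext;</svg>'
).decode()
```

Rejecting at the DOCTYPE stage also covers internal-entity expansion attacks (billion laughs) that a resolver-only setting would miss.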