CVE-2021-21517

{"id": "CVE-2021-21517", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 3.9}]}, "published": "2021-03-01T21:15:14.350", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000183576/dsa-2021-045-dell-emc-srs-policy-manager-security-update-for-external-entity-injection-vulnerability", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service."}, {"lang": "es", "value": "SRS Policy Manager versiones 6.X, est\u00e1 afectado por una vulnerabilidad de Inyecci\u00f3n de XML External Entity (XXE) debido a un analizador XML configurado inapropiadamente que procesa una entrada DTD proporcionada por el usuario sin una suficiente comprobaci\u00f3n. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para leer archivos de sistema como un usuario no root y puede ser capaz de interrumpir temporalmente el servicio ESRS"}], "lastModified": "2021-03-08T18:10:29.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_srs_policy_manager:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "543F5FCD-47FD-4F6E-A260-551C02331ED5"}, {"criteria": "cpe:2.3:a:dell:emc_srs_policy_manager:6.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E937A556-06B5-4C73-9218-1CC88A18CDAF"}, {"criteria": "cpe:2.3:a:dell:emc_srs_policy_manager:6.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A03C721-72B7-4353-9645-08AC4F7907C5"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}