Refine your search

1 vulnerability found for Office Server Document Converter by Antenna House, Inc.

jvndb-2021-000095
Vulnerability from jvndb
Published
2021-10-28 15:03
Modified
2021-10-28 15:03
Severity ?
7.2 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Summary
Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
Details
Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below. * Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838 Resource exhaustion in the PDF convert server may occur. * Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839 Massive access to the other servers may occur.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
  "dc:date": "2021-10-28T15:03+09:00",
  "dcterms:issued": "2021-10-28T15:03+09:00",
  "dcterms:modified": "2021-10-28T15:03+09:00",
  "description": "Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below. \r\n\r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838\r\nResource exhaustion in the PDF convert server may occur. \r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839\r\nMassive access to the other servers may occur.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
  "sec:cpe": {
    "#text": "cpe:/a:antennahouse:office_server_document_converter",
    "@product": "Office Server Document Converter",
    "@vendor": "Antenna House, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.4",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.2",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000095",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN33453839/index.html",
      "@id": "JVN#33453839",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20838",
      "@id": "CVE-2021-20838",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20839",
      "@id": "CVE-2021-20839",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20838",
      "@id": "CVE-2021-20838",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20839",
      "@id": "CVE-2021-20839",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter"
}