The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
References
Link | Resource |
---|---|
https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-13T16:42:03
Updated: 2021-04-13T16:42:03
Reserved: 2021-03-22T00:00:00
Link: CVE-2021-28973
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-13T17:15:12.217
Modified: 2022-05-03T16:04:40.443
Link: CVE-2021-28973
JSON object: View
Redhat Information
No data.
CWE