How severe is CVE-2021-1359?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2021-1359?

This is classified as CWE-112, which is a common weakness in software security.

CVE-2021-1359

HIGH Year: 2021

CVSS v3 Score

8.8

High

CVSS v2 Score

9.0

Critical

Weakness Type

CWE-112

View all →

Vulnerability Description

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the web interface. An attacker could exploit this vulnerability by uploading crafted XML configuration files that contain scripting code to a vulnerable device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. An attacker would need a valid user account with the rights to upload configuration files to exploit this vulnerability.

CVE-2020-1975

HIGH

CVSS:8.8(High)

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This iss...

CWE-1122020

CVE-2022-28213

HIGH

CVSS:8.1(High)

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, whi...

CWE-1122022

CVE-2023-40310

HIGH

CVSS:7.5(High)

SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, w...

CWE-1122023