How severe is CVE-2021-2401?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2021-2401?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2021-2401

MEDIUM Year: 2021

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-611

View all →

Vulnerability Description

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVE-2017-8056

MEDIUM

CVSS:5.3(Medium)

WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends ...

CWE-6112017

CVE-2018-0108

MEDIUM

CVSS:5.3(Medium)

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could explo...

CWE-6112018

CVE-2018-17889

MEDIUM

CVSS:5.3(Medium)

In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to a...

CWE-6112018

CVE-2018-1801

MEDIUM

CVSS:5.3(Medium)

IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is...

CWE-6112018

CVE-2019-10782

MEDIUM

CVSS:5.3(Medium)

All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity (XXE) Injection due to an incomplete fix for CVE-2019-9658.

CWE-6112019

CVE-2019-6179

MEDIUM

CVSS:5.3(Medium)

An XML External Entity (XXE) processing vulnerability was reported in Lenovo XClarity Administrator (LXCA) prior to version 2.5.0 , Lenovo XClarity Integrator (LXCI) for Microsoft System Center prior ...

CWE-6112019

CVE-2021-2401

Vulnerability Description

Related Vulnerabilities

CVE-2017-8056

CVE-2018-0108

CVE-2018-17889

CVE-2018-1801

CVE-2019-10782

CVE-2019-6179