How severe is CVE-2021-31842?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-31842?

This is classified as CWE-776, which is a common weakness in software security.

CVE-2021-31842

MEDIUM Year: 2021

CVSS v3 Score

5.5

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-776

View all →

Vulnerability Description

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process.

CVE-2017-5644

MEDIUM

CVSS:5.5(Medium)

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.

CWE-7762017

CVE-2022-28652

MEDIUM

CVSS:5.5(Medium)

~/.config/apport/settings parsing is vulnerable to "billion laughs" attack

CWE-7762022

CVE-2023-52426

MEDIUM

CVSS:5.5(Medium)

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

CWE-7762023

CVE-2024-1455

MEDIUM

CVSS:5.9(Medium)

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML docu...

CWE-7762024

CVE-2024-27141

MEDIUM

CVSS:5.9(Medium)

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) ...

CWE-7762024