CVE-2021-36172

HIGH Year: 2021
CVSS v3 Score
8.1
High
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.

Related Vulnerabilities

CVE-2016-3033

HIGH
CVSS:8.1(High)

IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity dec...

CWE-6112016

CVE-2016-3055

HIGH
CVSS:8.1(High)

IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external...

CWE-6112016

CVE-2016-6059

HIGH
CVSS:8.1(High)

IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabil...

CWE-6112016

CVE-2016-8974

HIGH
CVSS:8.1(High)

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabili...

CWE-6112016

CVE-2016-8980

HIGH
CVSS:8.1(High)

IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to exp...

CWE-6112016

CVE-2016-9698

HIGH
CVSS:8.1(High)

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerabil...

CWE-6112016