How severe is CVE-2022-41221?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2022-41221?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2022-41221 - HIGH Severity | CVSS 7.1

Vulnerability Description

The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.

Related Vulnerabilities

CVE-2014-0950

HIGH

CVSS:7.1(High)

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational...

CWE-6112014

CVE-2015-8549

HIGH

CVSS:7.1(High)

XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload.

CWE-6112015

CVE-2016-9181

HIGH

CVSS:7.1(High)

perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could ca...

CWE-6112016

CVE-2017-1000061

HIGH

CVSS:7.1(High)

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

CWE-6112017

CVE-2017-1254

HIGH

CVSS:7.1(High)

IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive informa...

CWE-6112017

CVE-2017-1758

HIGH

CVSS:7.1(High)

IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Adv...

CWE-6112017