XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection.
References
Link | Resource |
---|---|
https://softwaresupport.softwaregrp.com/doc/KM03771781 |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://softwaresupport.softwaregrp.com/doc/KM03771781 - |
29 Jan 2021, 16:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch2:*:*:*:*:*:* cpe:2.3:a:microfocus:application_lifecycle_management:*:*:*:*:*:*:*:* cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch3:*:*:*:*:*:* cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch5:*:*:*:*:*:* cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch1:*:*:*:*:*:* cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch1:*:*:*:*:*:* cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch4:*:*:*:*:*:* cpe:2.3:a:microfocus:application_lifecycle_management:15.5:*:*:*:*:*:*:* cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch2:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 8.1 |
References | (MISC) https://softwaresupport.softwaregrp.com/doc/KM03771781 - Third Party Advisory | |
CWE | CWE-611 |
19 Jan 2021, 16:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-19 16:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-22498
Mitre link : CVE-2021-22498
CVE.ORG link : CVE-2021-22498
JSON object : View
Products Affected
microfocus
- application_lifecycle_management
CWE
CWE-611
Improper Restriction of XML External Entity Reference