Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe
Filtered by product Xmlbeans
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-23926 2 Apache, Netapp 4 Xmlbeans, Oncommand Unified Manager Core Package, Snap Creator Framework and 1 more 2021-05-17 6.4 MEDIUM 9.1 CRITICAL
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.