CVE-2021-23926 vulnerability in Apache and Other Products
Published on January 14, 2021

XMLBeans XML Entity Expansion

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0.

NVD

Products Associated with CVE-2021-23926

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-23926 are published in these products:

Apache Xmlbeans

NetApp Oncommand Unified Manager Core Package

NetApp Snap Creator Framework

NetApp Snapmanager

Debian Linux

Oracle Peoplesoft Enterprise Peopletools

Oracle Middleware Common Libraries Tools

Oracle

Affected Versions

Apache Software Foundation Apache XMLBeans:

Version Apache XMLBeans, <= 2.6.0 is affected.

Exploit Probability

EPSS

0.33%

Percentile

55.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-23926 vulnerability in Apache and Other ProductsPublished on January 14, 2021

Products Associated with CVE-2021-23926

Affected Versions

Exploit Probability

CVE-2021-23926 vulnerability in Apache and Other Products
Published on January 14, 2021