CVE-2021-22498

Published Jan 19, 2021

Last updated 3 months ago

CVSS high 8.1

Overview

Description: XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection.
Source: security@opentext.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.5
Impact score: 4.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-611

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04E989E6-96B6-431F-A68E-44C3DC4CCC31",
            "versionEndIncluding": "12.60",
            "versionStartIncluding": "12.50"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C2AA512-D7E4-4ABF-B495-542D4EB856C3",
            "versionEndIncluding": "15.0.1",
            "versionStartIncluding": "15.0.0"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7424FAB0-201A-4908-8826-245DA119C5F7"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48260409-EAC4-4294-A665-76F5D97F74BC"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D261545-AB84-4C3D-8EDB-9986B5B5C252"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E49D67E6-5499-4653-B945-C17DE52ADD2C"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E19D3008-08D5-4E5F-9F67-99E917EDE855"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B90BEA78-299C-4AE2-ABE7-D499F05C4E8B"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41910128-1873-40CB-9875-48940AC95AD8"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:application_lifecycle_management:15.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5B5A87A-BE3D-4041-A971-8DF3A32D578A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References