CVE-2021-27777
HCL Unica Platform is vulnerable to XML External Entity (XXE) injection
In short
HCL Unica Platform has a flaw in how it processes XML files that allows attackers to inject malicious code by inserting harmful references into the XML. This can lead to data theft or system compromise.
Technical detail
The vulnerability exists in XML parsing logic that does not adequately validate or disable external entity resolution. An attacker can craft malicious XML input containing external entity declarations to access sensitive files, perform SSRF attacks, or cause denial of service. The precondition is the ability to submit XML content to the application.
Summary generated and translated by AI from the official description.
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user-supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
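The mitigation this description points to, as an added example (not from the advisory and not HCL's code): a generic Python wrapper around the standard-library expat parser that refuses any DOCTYPE or entity declaration in untrusted XML before a tree is built. The names `parse_untrusted`, `is_rejected`, `ForbiddenXML` and all sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when untrusted XML declares a DTD or any entity."""


def _reject(kind):
    # Handlers that raise abort expat's Parse() at the offending construct.
    def handler(*_args):
        raise ForbiddenXML(f"{kind} not allowed in untrusted XML")
    return handler


def parse_untrusted(xml_bytes: bytes) -> ET.Element:
    """Parse XML into an Element tree, refusing DTDs and entities outright."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    # No DTD means no external entities (file read, SSRF) and no
    # internal entity expansion (denial of service).
    parser.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    parser.EntityDeclHandler = _reject("entity declaration")
    parser.ExternalEntityRefHandler = _reject("external entity reference")
    parser.StartElementHandler = lambda name, attrs: builder.start(name, attrs)
    parser.EndElementHandler = lambda name: builder.end(name)
    parser.CharacterDataHandler = builder.data
    parser.Parse(xml_bytes, True)
    return builder.close()


def is_rejected(xml_bytes: bytes) -> bool:
    try:
        parse_untrusted(xml_bytes)
    except ForbiddenXML:
        return True
    return False


# Constructed sample documents (the file path is a placeholder).
BENIGN = b"<campaign><name>spring</name></campaign>"
EXTERNAL_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY x SYSTEM '
                   b'"file:///constructed/placeholder.txt">]><r>&x;</r>')
INTERNAL_ENTITY = b'<!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;</r>'

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("external", EXTERNAL_ENTITY),
                       ("internal", INTERNAL_ENTITY)]:
        print(label, "rejected" if is_rejected(doc) else "accepted")
```

Rejecting the DOCTYPE outright is stricter than disabling only external resolution; applications that genuinely need DTDs require a narrower policy.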
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
HCL Software · HCL Unica