CVE-2021-20839

Severity CVSS v4.0:
Pending analysis
Type:
CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Publication date:
01/11/2021
Last modified:
08/11/2021

Description

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:antennahouse:office_server_document_converter:*:*:*:*:*:*:*:* 5.2 (excluding)
cpe:2.3:a:antennahouse:office_server_document_converter:5.2:-:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:6.0:-:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:6.0:mr1:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:6.0:mr2:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:6.1:-:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr2:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr2:*:*:pro:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr3:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr4:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:7.0:*:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:7.0:mr1:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:7.0:mr2:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:7.0:mr3:*:*:*:*:*:*
cpe:2.3:a:antennahouse:office_server_document_converter:7.1:-:*:*:*:*:*:*