CVE-2021-33813

Severity
7.5 HIGH
EPSS
1.4%
top 19.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 16
Latest update: Jan 15

Description

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (8 packages)

Maven org.jdom:jdom2 < 2.0.6.1
Debian libjdom1-java < 1.1.3-2.1+3
Debian libjdom2-java < 2.0.6-2.1+3
NVD jdom/jdom 2.0.6
Maven org.jdom:jdom 2.0.2

Also affects: Debian Linux 9.0, Fedora 35

Patches

🔴 Vulnerability Details

4
OSV
XML External Entity (XXE) Injection in JDOM (2021-07-27)
GHSA
XML External Entity (XXE) Injection in JDOM (2021-07-27)
CVEList
CVE-2021-33813: An XXE issue in SAXBuilder in JDOM through 2 (2021-06-16)
OSV
CVE-2021-33813: An XXE issue in SAXBuilder in JDOM through 2 (2021-06-16)

📋 Vendor Advisories

9
Oracle
Oracle Oracle Siebel CRM Risk Matrix: Application Interface (JDOM) — CVE-2021-33813 (2026-01-15)
Oracle
Oracle Oracle Siebel CRM Risk Matrix: EAI (JDOM) — CVE-2021-33813 (2025-07-15)
Oracle
Oracle Oracle Analytics Risk Matrix: Web Catalog (JDOM) — CVE-2021-33813 (2025-01-15)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Security Framework (Apache Solr) — CVE-2021-33813 (2024-01-15)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: OSB Web Console Design, Admin (JDOM) — CVE-2021-33813 (2023-07-15)