CVE-2021-28684

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).

Published: Jun 21, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-28684
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
powerarchiver / powerarchiver	-	20.10.02

https://peterka.tech/blog/posts/cve-2021-28684/
https://www.powerarchiver.com

Vulnerability Database

CVE-2021-28684