CVE-2021-20839

Name of the Vulnerable Software and Affected Versions: Office Server Document Converter versions 7.2MR4 and earlier Office Server Document Converter versions 7.1MR7 and earlier

Description: The issue allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack. This can cause a denial of service (DoS) condition to other servers by processing a specially crafted XML document.

Recommendations: For Office Server Document Converter versions 7.2MR4 and earlier, update to a version later than 7.2MR4 to resolve the issue. For Office Server Document Converter versions 7.1MR7 and earlier, update to a version later than 7.1MR7 to resolve the issue. As a temporary workaround, consider restricting the processing of XML documents from untrusted sources to minimize the risk of exploitation.