CVE-2021-21517

Name of the Vulnerable Software and Affected Versions SRS Policy Manager versions 6.X

Description The issue is related to an XML External Entity Injection (XXE) vulnerability. This occurs due to a misconfigured XML parser that does not sufficiently validate user-supplied DTD input. A remote unauthenticated attacker can exploit this to read system files as a non-root user and may temporarily disrupt the ESRS service.

Recommendations For SRS Policy Manager versions 6.X, ensure the XML parser is properly configured to validate user-supplied DTD input to prevent XXE attacks. As a temporary workaround, consider restricting access to the XML parser until a proper configuration or patch is available.