PT-2021-15124 · Micro Focus · Micro Focus Verastream Host Integrator

Pawel Gocyla

Published

2021-07-22

Updated

2021-08-02

CVE-2021-22523

CVSS v3.1

7.6

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions Micro Focus Verastream Host Integrator versions 7.8 Update 1 and earlier

Description The issue is related to an XML External Entity vulnerability, which could allow the control of a web browser and hijacking of user sessions.

Recommendations For versions 7.8 Update 1 and earlier, update to a version later than 7.8 Update 1 to resolve the issue. As a temporary workaround, consider restricting web browser access to minimize the risk of session hijacking.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2021-22523

Affected Products

Micro Focus Verastream Host Integrator

PT-2021-15124 · Micro Focus · Micro Focus Verastream Host Integrator

CVE-2021-22523

Weakness Enumeration

Related Identifiers

Affected Products

References · 5