PT-2021-18009 · Perforce · Perforce Helix ALM

Emanuele Barbeno · Published 2021-04-13 · Updated 2022-05-03 · CVE-2021-28973

CVSS v3.1: 4.9 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Perforce Helix ALM version 2020.3.1 Build 22
Description: The XML Import functionality of the Administration console in Perforce Helix ALM is vulnerable to XXE attacks due to insecurely configured software components that parse XML input data.
Recommendations: For Perforce Helix ALM version 2020.3.1 Build 22, to prevent potential XXE attacks, consider disabling the XML Import functionality in the Administration console until a patch is available.

Exploit

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2021-28973

Affected Products

Perforce Helix ALM