PT-2021-2973 · Broadsoft · Broadworks Messaging Server

Published: 2021-05-05 · Updated: 2021-05-14 · CVE-2021-1530

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions

BroadWorks Messaging Server (affected versions not specified)

Description

The issue is related to the improper restriction of XML external entity references in the web-based management interface of the BroadWorks Messaging Server. This could allow a remote attacker to gain unauthorized access to sensitive information or cause a denial of service condition. The vulnerability is due to the improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this by uploading a crafted XML file containing references to external entities, potentially allowing them to retrieve files from the local system or consume available resources, leading to a partial denial of service condition.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

BDU:2021-02560
CVE-2021-1530

Affected Products

Broadworks Messaging Server