CVE-2021-42537

Name of the Vulnerable Software and Affected Versions VISAM VBASE version 11.6.0.6

Description The issue arises when VISAM VBASE processes an XML document containing XML entities with URIs that resolve to documents outside of the intended sphere of control. This causes the product to embed incorrect documents into its output.

Recommendations For VISAM VBASE version 11.6.0.6, consider restricting the processing of XML entities with external URIs to prevent the embedding of incorrect documents into the output. As a temporary workaround, restrict access to external documents to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.