CVE-2021-22498

XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection.
References
Link Resource
https://softwaresupport.softwaregrp.com/doc/KM03771781 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:microfocus:application_lifecycle_management:15.5:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_lifecycle_management:*:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_lifecycle_management:15.0.1:patch2:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch1:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch2:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch3:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch4:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_lifecycle_management:12.60:patch5:*:*:*:*:*:*
cpe:2.3:a:microfocus:application_lifecycle_management:*:*:*:*:*:*:*:*

Information

Published : 2021-01-19 04:15

Updated : 2021-01-29 04:12


NVD link : CVE-2021-22498

Mitre link : CVE-2021-22498

CWE
CWE-611

Improper Restriction of XML External Entity Reference