CVE-2021-42537 MEDIUM

CVE-2021-42537: VISAM VBASE Editor Improper Restriction of XML

Vendor: Visam
Product: VBASE Pro-RT/Server-RT (Web Remote)
Published: July 27, 2022
Last update: April 17, 2025

CVSS base score

5.9/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Key dates

02 Disclosure timeline

July 27, 2022: CVE published
April 17, 2025: Record updated