CVE-2021-28973

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
perforcehelix_alm
2020.3.1:build_22
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt
https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt