CVE-2021-28684

2021-06-2112:13:26

mitre

www.cve.org

xml parser

xxe attack

conexware powerarchiver

exfiltration

cve-2021-28684

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

40.7%

JSON

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack).

References

peterka.tech/blog/posts/cve-2021-28684/

www.powerarchiver.com