vulnerability

Oracle WebLogic: CVE-2021-40690 : Critical Patch Update

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Sep 19, 2021
Added
Jul 25, 2022
Modified
Nov 26, 2024

Description

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

Solution(s)

oracle-weblogic-jul-2022-cpu-12_2_1_3_0oracle-weblogic-jul-2022-cpu-12_2_1_4_0oracle-weblogic-jul-2022-cpu-14_1_1_0_0
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.