| Title | Multiple XML External Entity (XXE) vulnerabilities in Office Server Document Converter |
|---|---|
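| Summary | Office Server Document Converter, provided by Antenna House, Inc., contains the following XML External Entity (XXE) vulnerabilities. • XML External Entity (XXE) vulnerability (CWE-611) - CVE-2021-20838: resource exhaustion occurs on the PDF conversion server. • XML External Entity (XXE) vulnerability (CWE-611) - CVE-2021-20839: a large volume of access to other servers occurs. |
| Possible impacts | The possible impact differs for each vulnerability, but processing a specially crafted XML document with the product may have the following effects. • The server on which the product is running is subjected to a denial-of-service (DoS) attack - CVE-2021-20838 • A denial-of-service (DoS) attack is carried out against other servers - CVE-2021-20839 |
| Solution | [Update the software] Update to the latest version according to the information provided by the developer. |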
| Publication Date | Oct. 28, 2021, midnight |
| Registration Date | Oct. 28, 2021, 12:07 p.m. |
| Last Update | Oct. 28, 2021, 12:07 p.m. |
| CVSS3.0 : High | |
| Score | 7.2 |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L |
| CVSS2.0 : Medium | |
| Score | 6.4 |
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:P |
| Antenna House, Inc. |
| Office Server Document Converter (Server Based Converter) V5.2MR13 and earlier |
| Office Server Document Converter (Server Based Converter) V6.0MR11 and earlier |
| Office Server Document Converter (Server Based Converter) V6.1MR8 and earlier |
| Office Server Document Converter (Server Based Converter) V7.0MR6 and earlier |
| Office Server Document Converter (Server Based Converter) V7.1MR7 and earlier |
| Office Server Document Converter (Server Based Converter) V7.2MR4 and earlier |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [October 28, 2021] Published | Oct. 26, 2021, noon |
| Summary | Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document. |
|---|---|
| Publication Date | Nov. 1, 2021, 11:15 a.m. |
| Registration Date | Nov. 1, 2021, 4 p.m. |
| Last Update | Nov. 21, 2024, 2:47 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr2:*:*:pro:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.1:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.1:mr1:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.1:mr3:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:mr4:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:mr3:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:mr1:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.0:mr1:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.0:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr3:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr4:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.0:mr1:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.0:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.0:mr3:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.1:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.0:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:5.2:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:*:*:*:*:*:*:*:* | 5.2 | ||||
| Summary | Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document. |
|---|---|
| Publication Date | Nov. 1, 2021, 11:15 a.m. |
| Registration Date | Nov. 1, 2021, 4 p.m. |
| Last Update | Nov. 21, 2024, 2:47 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr2:*:*:pro:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.1:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.1:mr1:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.1:mr3:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:mr4:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:mr3:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:mr1:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.2:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.0:mr1:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.0:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr3:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr4:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.0:mr1:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.0:mr2:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.0:mr3:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:7.1:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.0:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:6.1:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:5.2:-:*:*:*:*:*:* | |||||
| cpe:2.3:a:antennahouse:office_server_document_converter:*:*:*:*:*:*:*:* | 5.2 | ||||