XML External Entity Vulnerability in Micro Focus Verastream Host Integrator
CVE-2021-22523

7.6HIGH

Key Information:

Vendor: Microfocus
Status: Verastream Host Integrator.
Vendor: CVE Published:; 22 July 2021

What is CVE-2021-22523?

An XML External Entity (XXE) vulnerability exists in Micro Focus Verastream Host Integrator, specifically affecting version 7.8 Update 1 and earlier. This vulnerability could potentially allow attackers to gain control of users' web browsers, leading to possible session hijacking and unauthorized access to sensitive information. It is crucial for organizations utilizing this software to apply appropriate security measures to mitigate this risk.

Affected Version(s)

Verastream Host Integrator. Version 7.8 Update 1 and earlier versions.

References

https://support.microfocus.com/kb/doc.php?id=7025169

x_refsource_MISC

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2021
Vulnerability Reserved
Jan 5, 2021

Microfocus

What is CVE-2021-22523?

Affected Version(s)

References

CVSS V3.1

Timeline