Sensitive Information Exposure in OpenKM Document Management System
CVE-2021-33950

7.5HIGH

Key Information:

Vendor: Openkm
Status: Openkm
Vendor: CVE Published:; 17 February 2023

What is CVE-2021-33950?

A security issue in OpenKM v6.3.10 allows attackers to exploit the XMLTextExtractor function, leading to the unintentional exposure of sensitive information. This vulnerability can compromise the confidentiality of data handled by the document management system, posing serious risks to affected users and organizations. It is crucial for users to apply the necessary updates and patches to mitigate potential threats associated with this vulnerability.

References

https://github.com/openkm/document-management-system/pull...

https://github.com/openkm/document-management-system/issu...

https://github.com/openkm/document-management-system/comm...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
Jun 7, 2021

CVE-2021-33950 Data

JSON

Openkm

What is CVE-2021-33950?

References

CVSS V3.1

Timeline