Search criteria
5 vulnerabilities found for Office Server Document Converter by Antenna House, Inc.
CVE-2021-20839 (GCVE-0-2021-20839)
Vulnerability from cvelistv5 – Published: 2021-11-01 01:50 – Updated: 2024-08-03 17:53
VLAI?
Summary
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.
Severity ?
No CVSS data available.
CWE
- XML external entities (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Antenna House, Inc. | Office Server Document Converter |
Affected:
V7.2MR4 and earlier and V7.1MR7 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office Server Document Converter",
"vendor": "Antenna House, Inc.",
"versions": [
{
"status": "affected",
"version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T01:50:16",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office Server Document Converter",
"version": {
"version_data": [
{
"version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
}
]
},
"vendor_name": "Antenna House, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
"refsource": "MISC",
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"name": "https://jvn.jp/en/jp/JVN33453839/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20839",
"datePublished": "2021-11-01T01:50:16",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20838 (GCVE-0-2021-20838)
Vulnerability from cvelistv5 – Published: 2021-11-01 01:50 – Updated: 2024-08-03 17:53
VLAI?
Summary
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document.
Severity ?
No CVSS data available.
CWE
- XML external entities (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Antenna House, Inc. | Office Server Document Converter |
Affected:
V7.2MR4 and earlier and V7.1MR7 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office Server Document Converter",
"vendor": "Antenna House, Inc.",
"versions": [
{
"status": "affected",
"version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T01:50:14",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office Server Document Converter",
"version": {
"version_data": [
{
"version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
}
]
},
"vendor_name": "Antenna House, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
"refsource": "MISC",
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"name": "https://jvn.jp/en/jp/JVN33453839/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20838",
"datePublished": "2021-11-01T01:50:14",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20839 (GCVE-0-2021-20839)
Vulnerability from nvd – Published: 2021-11-01 01:50 – Updated: 2024-08-03 17:53
VLAI?
Summary
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.
Severity ?
No CVSS data available.
CWE
- XML external entities (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Antenna House, Inc. | Office Server Document Converter |
Affected:
V7.2MR4 and earlier and V7.1MR7 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office Server Document Converter",
"vendor": "Antenna House, Inc.",
"versions": [
{
"status": "affected",
"version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T01:50:16",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office Server Document Converter",
"version": {
"version_data": [
{
"version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
}
]
},
"vendor_name": "Antenna House, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
"refsource": "MISC",
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"name": "https://jvn.jp/en/jp/JVN33453839/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20839",
"datePublished": "2021-11-01T01:50:16",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20838 (GCVE-0-2021-20838)
Vulnerability from nvd – Published: 2021-11-01 01:50 – Updated: 2024-08-03 17:53
VLAI?
Summary
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document.
Severity ?
No CVSS data available.
CWE
- XML external entities (XXE)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Antenna House, Inc. | Office Server Document Converter |
Affected:
V7.2MR4 and earlier and V7.1MR7 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:22.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Office Server Document Converter",
"vendor": "Antenna House, Inc.",
"versions": [
{
"status": "affected",
"version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-01T01:50:14",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Office Server Document Converter",
"version": {
"version_data": [
{
"version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
}
]
}
}
]
},
"vendor_name": "Antenna House, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
"refsource": "MISC",
"url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
},
{
"name": "https://jvn.jp/en/jp/JVN33453839/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN33453839/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20838",
"datePublished": "2021-11-01T01:50:14",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:53:22.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2021-000095
Vulnerability from jvndb - Published: 2021-10-28 15:03 - Updated:2021-10-28 15:03
Severity ?
Summary
Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
Details
Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below.
* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838
Resource exhaustion in the PDF convert server may occur.
* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839
Massive access to the other servers may occur.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
"dc:date": "2021-10-28T15:03+09:00",
"dcterms:issued": "2021-10-28T15:03+09:00",
"dcterms:modified": "2021-10-28T15:03+09:00",
"description": "Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below. \r\n\r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838\r\nResource exhaustion in the PDF convert server may occur. \r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839\r\nMassive access to the other servers may occur.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
"sec:cpe": {
"#text": "cpe:/a:antennahouse:office_server_document_converter",
"@product": "Office Server Document Converter",
"@vendor": "Antenna House, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.2",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2021-000095",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN33453839/index.html",
"@id": "JVN#33453839",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20838",
"@id": "CVE-2021-20838",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20839",
"@id": "CVE-2021-20839",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20838",
"@id": "CVE-2021-20838",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20839",
"@id": "CVE-2021-20839",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter"
}