Search

Find a vulnerability

Search criteria

    5 vulnerabilities by Antenna House, Inc.

    CVE-2021-20839 (GCVE-0-2021-20839)

    Vulnerability from nvd – Published: 2021-11-01 01:50 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.
    Severity
    No CVSS data available.
    CWE
    • XML external entities (XXE)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Antenna House, Inc. Office Server Document Converter Affected: V7.2MR4 and earlier and V7.1MR7 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Office Server Document Converter",
              "vendor": "Antenna House, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XML external entities (XXE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-01T01:50:16.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20839",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Office Server Document Converter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Antenna House, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XML external entities (XXE)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
                  "refsource": "MISC",
                  "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN33453839/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20839",
        "datePublished": "2021-11-01T01:50:16.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20838 (GCVE-0-2021-20838)

    Vulnerability from nvd – Published: 2021-11-01 01:50 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document.
    Severity
    No CVSS data available.
    CWE
    • XML external entities (XXE)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Antenna House, Inc. Office Server Document Converter Affected: V7.2MR4 and earlier and V7.1MR7 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.724Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Office Server Document Converter",
              "vendor": "Antenna House, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XML external entities (XXE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-01T01:50:14.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20838",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Office Server Document Converter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Antenna House, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XML external entities (XXE)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
                  "refsource": "MISC",
                  "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN33453839/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20838",
        "datePublished": "2021-11-01T01:50:14.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20839 (GCVE-0-2021-20839)

    Vulnerability from cvelistv5 – Published: 2021-11-01 01:50 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.
    Severity
    No CVSS data available.
    CWE
    • XML external entities (XXE)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Antenna House, Inc. Office Server Document Converter Affected: V7.2MR4 and earlier and V7.1MR7 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.634Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Office Server Document Converter",
              "vendor": "Antenna House, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XML external entities (XXE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-01T01:50:16.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20839",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Office Server Document Converter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Antenna House, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XML external entities (XXE)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
                  "refsource": "MISC",
                  "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN33453839/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20839",
        "datePublished": "2021-11-01T01:50:16.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-20838 (GCVE-0-2021-20838)

    Vulnerability from cvelistv5 – Published: 2021-11-01 01:50 – Updated: 2024-08-03 17:53
    VLAI
    Summary
    Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document.
    Severity
    No CVSS data available.
    CWE
    • XML external entities (XXE)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Antenna House, Inc. Office Server Document Converter Affected: V7.2MR4 and earlier and V7.1MR7 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:53:22.724Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Office Server Document Converter",
              "vendor": "Antenna House, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V7.2MR4 and earlier and V7.1MR7 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XML external entities (XXE)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-11-01T01:50:14.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2021-20838",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Office Server Document Converter",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "V7.2MR4 and earlier and V7.1MR7 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Antenna House, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XML external entities (XXE)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html",
                  "refsource": "MISC",
                  "url": "https://www.antenna.co.jp/news/2021/osdc72-20211027.html"
                },
                {
                  "name": "https://jvn.jp/en/jp/JVN33453839/index.html",
                  "refsource": "MISC",
                  "url": "https://jvn.jp/en/jp/JVN33453839/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2021-20838",
        "datePublished": "2021-11-01T01:50:14.000Z",
        "dateReserved": "2020-12-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T17:53:22.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2021-000095

    Vulnerability from jvndb - Published: 2021-10-28 15:03 - Updated:2021-10-28 15:03
    Severity
    Summary
    Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter
    Details
    Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below. * Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838 Resource exhaustion in the PDF convert server may occur. * Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839 Massive access to the other servers may occur.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
      "dc:date": "2021-10-28T15:03+09:00",
      "dcterms:issued": "2021-10-28T15:03+09:00",
      "dcterms:modified": "2021-10-28T15:03+09:00",
      "description": "Office Server Document Converter provided by Antenna House, Inc. contains multiple improper restriction of XML external entity reference (XXE) vulnerabilities listed below. \r\n\r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20838\r\nResource exhaustion in the PDF convert server may occur. \r\n* Improper restriction of XML external entity reference (XXE) (CWE-611) - CVE-2021-20839\r\nMassive access to the other servers may occur.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000095.html",
      "sec:cpe": {
        "#text": "cpe:/a:antennahouse:office_server_document_converter",
        "@product": "Office Server Document Converter",
        "@vendor": "Antenna House, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.4",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.2",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000095",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN33453839/index.html",
          "@id": "JVN#33453839",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20838",
          "@id": "CVE-2021-20838",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20839",
          "@id": "CVE-2021-20839",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20838",
          "@id": "CVE-2021-20838",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20839",
          "@id": "CVE-2021-20839",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple improper restriction of XML external entity reference (XXE) vulnerabilities in Office Server Document Converter"
    }