March 15, 2021
Severity
Medium
Analysis Summary
CVE-2021-21366
The Node.js xmldom module could allow a remote attacker to bypass security restrictions because it does not correctly preserve system identifiers, FPIs, or namespaces during XML processing. By repeatedly parsing and serializing specially crafted documents, an attacker could exploit this vulnerability to cause unexpected syntactic changes in some downstream applications.
Impact
Bypass Security
Affected Vendors
Node.js
Affected Products
Node.js xmldom 0.4.0
Remediation
Upgrade to the latest version of xmldom (0.5.0 or later).
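To confirm the upgrade reached every copy of the module, including copies pulled in transitively, the following added example (not part of the original advisory or of xmldom) scans a parsed `package-lock.json` for xmldom installs older than 0.5.0. It assumes every version below 0.5.0 should be upgraded, per the remediation above; the sample lockfiles and the `saml-lib` dependency name are constructed.

```javascript
// Added example: flag xmldom installs older than the fixed release 0.5.0.
const FIXED = [0, 5, 0];
// True if version < 0.5.0; unparsable strings are flagged for manual review.
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true;
  const p = m.slice(1).map(Number);
  for (let i = 0; i < 3; i++) if (p[i] !== FIXED[i]) return p[i] < FIXED[i];
  return false;
}

// Accepts a parsed package-lock.json; handles "packages" (lockfileVersion 2/3)
// and nested "dependencies" (lockfileVersion 1).
function findOutdatedXmldom(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/xmldom$/.test(path) && isBelowFixed(info.version)) {
        hits.push({ where: path, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === "xmldom" && isBelowFixed(info.version)) {
        hits.push({ where: here.join(" > "), version: info.version });
      }
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}
// Constructed sample lockfiles; "saml-lib" is a hypothetical dependency name.
const sampleV2 = {
  packages: {
    "": { name: "demo-app" },
    "node_modules/xmldom": { version: "0.5.0" },
    "node_modules/saml-lib/node_modules/xmldom": { version: "0.4.0" },
  },
};
const sampleV1 = {
  dependencies: {
    "saml-lib": { version: "1.0.0", dependencies: { xmldom: { version: "0.1.27" } } },
  },
};
console.log(findOutdatedXmldom(sampleV2), findOutdatedXmldom(sampleV1));
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findOutdatedXmldom`; an empty result means no copy below 0.5.0 is locked.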