CVE-2021-44145 Vulnerability Details

  /     /     /  

CVE-2021-44145 Metadata Quick Info

CVE Published: 17/12/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: apache | Vendor: Apache Software Foundation | Product: Apache NiFi
Status : PUBLISHED

---

CVE-2021-44145 Description

In the TransformXML processor of Apache NiFi before 1.15.1 an authenticated user could configure an XSLT file which, if it included malicious external entity calls, may reveal sensitive information.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Sensitive information disclosure
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).