CVE-2021-3541
Published on: 07/09/2021 12:00:00 AM UTC
Last Modified on: 03/01/2022 06:25:00 PM UTC
Certain versions of Active Iq Unified Manager from Netapp contain the following vulnerability:
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service.
- CVE-2021-3541 has been assigned by seca[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.5 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 4 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | SINGLE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
NONE | NONE | PARTIAL |
CVE References
Description | Tags | Link |
---|---|---|
CVE-2021-3541 Libxml2 Vulnerability in NetApp Products \| NetApp Product Security |  | security.netapp.com text/html |
Oracle Critical Patch Update Advisory - January 2022 |  | www.oracle.com text/html |
1950515 – (CVE-2021-3541) CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms |  | bugzilla.redhat.com text/html |
Related QID Numbers
- 159285 Oracle Enterprise Linux Security Update for libxml2 (ELSA-2021-2569)
- 178608 Debian Security Update for libxml2 (DLA 2669-1)
- 180540 Debian Security Update for libxml2 (CVE-2021-3541)
- 198409 Ubuntu Security Notification for libxml2 vulnerabilities (USN-4991-1)
- 239468 Red Hat Update for libxml2 (RHSA-2021:2569)
- 240235 Red Hat Update for JBoss Core Services (RHSA-2022:1389)
- 281155 Fedora Security Update for libxml2 (FEDORA-2021-e8b7e177a4)
- 281707 Fedora Security Update for libxml2 (FEDORA-2021-b950000d2b)
- 282302 Fedora Security Update for qt5 (FEDORA-2022-ecdf338eb1)
- 282329 Fedora Security Update for qt5 (FEDORA-2022-e39987b17d)
- 296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
- 352392 Amazon Linux Security Advisory for libxml2: ALAS2-2021-1662
- 354638 Amazon Linux Security Advisory for libxml2 : AL2012-2022-370
- 354929 Amazon Linux Security Advisory for libxml2 : ALAS-2023-1743
- 377408 Alibaba Cloud Linux Security Update for libxml2 (ALINUX3-SA-2021:0047)
- 377937 Splunk Enterprise Multiple Vulnerabilities (svd-2022-0804)
- 500343 Alpine Linux Security Update for libxml2
- 501424 Alpine Linux Security Update for libxml2
- 501915 Alpine Linux Security Update for qt5-qtwebengine
- 501968 Alpine Linux Security Update for libxml2
- 502486 Alpine Linux Security Update for libxml2
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 670491 EulerOS Security Update for libxml2 (EulerOS-SA-2021-2249)
- 670517 EulerOS Security Update for libxml2 (EulerOS-SA-2021-2275)
- 670548 EulerOS Security Update for libxml2 (EulerOS-SA-2021-2306)
- 670581 EulerOS Security Update for libxml2 (EulerOS-SA-2021-2339)
- 670648 EulerOS Security Update for libxml2 (EulerOS-SA-2021-2406)
- 670851 EulerOS Security Update for libxml2 (EulerOS-SA-2021-2406)
- 670996 EulerOS Security Update for libxml2 (EulerOS-SA-2021-2595)
- 690134 Free Berkeley Software Distribution (FreeBSD) Security Update for libxml2 (524bd03a-bb75-11eb-bf35-080027f515ea)
- 710071 Gentoo Linux libxml2 Multiple vulnerabilities (GLSA 202107-05)
- 750136 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2021:1917-1)
- 750642 OpenSUSE Security Update for libxml2 (openSUSE-SU-2021:0886-1)
- 750677 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2021:2016-1)
- 750770 OpenSUSE Security Update for libxml2 (openSUSE-SU-2021:1917-1)
- 753947 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2023:2048-1)
- 940375 AlmaLinux Security Update for libxml2 (ALSA-2021:2569)
- 960016 Rocky Linux Security Update for libxml2 (RLSA-2021:2569)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Netapp | Active Iq Unified Manager | - | All | All | All |
Application | Netapp | Cloud Backup | - | All | All | All |
Application | Netapp | Clustered Data Ontap | - | All | All | All |
Application | Netapp | Clustered Data Ontap Antivirus Connector | - | All | All | All |
Hardware | Netapp | H300e | - | All | All | All |
Operating System | Netapp | H300e Firmware | - | All | All | All |
Hardware | Netapp | H300s | - | All | All | All |
Operating System | Netapp | H300s Firmware | - | All | All | All |
Hardware | Netapp | H410c | - | All | All | All |
Operating System | Netapp | H410c Firmware | - | All | All | All |
Hardware | Netapp | H410s | - | All | All | All |
Operating System | Netapp | H410s Firmware | - | All | All | All |
Hardware | Netapp | H500e | - | All | All | All |
Operating System | Netapp | H500e Firmware | - | All | All | All |
Hardware | Netapp | H500s | - | All | All | All |
Operating System | Netapp | H500s Firmware | - | All | All | All |
Hardware | Netapp | H700e | - | All | All | All |
Operating System | Netapp | H700e Firmware | - | All | All | All |
Hardware | Netapp | H700s | - | All | All | All |
Operating System | Netapp | H700s Firmware | - | All | All | All |
Application | Netapp | Manageability Software Development Kit | - | All | All | All |
Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
Application | Netapp | Smi-s Provider | - | All | All | All |
Application | Netapp | Snapdrive | - | All | All | All |
Application | Oracle | Zfs Storage Appliance Kit | 8.8 | All | All | All |
Application | Redhat | Jboss Core Services | - | All | All | All |
Application | Xmlsoft | Libxml2 | All | All | All | All |
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*:
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*:
- cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*:
- cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*:
- cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*:
- cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
| | CVE-2021-3541 | 2021-07-09 17:41:18 |