CVE-2021-41303 - Improper Authentication

Severity: Low2021-10-18

Security Advisories

Abstract

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass.

The Oxygen XML Web Author products incorporates the Apache Shiro as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

ProductSeverityFixed Release Availability
Oxygen XML Web Author 23.1 and olderLow Oxygen XML Web Author 24.0 build 2021101122
Oxygen XML Web Author 23.1 build 2021112409
Oxygen Content Fusion 4.1 and olderLow Oxygen Content Fusion 4.1.2 build 2021112414

Mitigation

None

Detail

CVE-2021-41303

Severity: Critical

CVSS Score: 9.8

The Apache Shiro third-party library used by Oxygen XML software products is an affected version mentioned in CVE-2021-41303 vulnerability description. However, Spring Boot is not included in Oxygen XML software products. Therefore Oxygen XML software products are not impacted by CVE-2021-41303.

Starting with Oxygen XML Web Author version 24.0, the Apache Shiro was updated to version 1.8.0, which includes a fix for CVE-2021-41303.

Revision History

2021-12-06 Starting with Oxygen XML Web Author version 23.1 build 2021112409, the Apache Shiro was updated to version 1.8.0, which includes a fix for CVE-2021-41303.

2021-12-07 Starting with Oxygen Content Fusion version 4.1 build 2021112414, the Apache Shiro was updated to version 1.8.0, which includes a fix for CVE-2021-41303.

List of Security Advisories

Video Tutorials
Upcoming Events
conference
Declarative Amsterdam 2024

Products

Features

Shop

Resources

Support

Company

© 2002-2024 SyncRO Soft SRL. All rights reserved.

This website was created & generated with <oXygen/>®XML Editor