What is CVE-2021-31842?

CVE-2021-31842 is a medium-severity vulnerability in Mcafee,llc Mcafee Endpoint Security (Ens) For Windows, classified under Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion). CVSS score: 5.0/10. Published 2021-09-17.

How severe is CVE-2021-31842?

Medium severity. CVSS v3 base score is 5.0 out of 10.

XXE in Mcafee,llc Mcafee Endpoint Security (Ens) For Windows

CVE-2021-31842

XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack throug…

EPSS: 0.000 (15.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.0 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H.

Affected products

Mcafee,llc Mcafee Endpoint Security (Ens) For Windows — versions unspecified

Weakness classification (CWE)

CWE-776 — Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)

References

kc.mcafee.com/corporate/index (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-31842?: CVE-2021-31842 is a medium-severity vulnerability in Mcafee,llc Mcafee Endpoint Security (Ens) For Windows, classified under Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion). CVSS score: 5.0/10. Published 2021-09-17.
How severe is CVE-2021-31842?: Medium severity. CVSS v3 base score is 5.0 out of 10.