CVE-2021-33950

7.5 HIGH
XXE

📋 TL;DR

CVE-2021-33950 is an XML external entity (XXE) vulnerability in OpenKM document management system that allows attackers to extract sensitive information via the XMLTextExtractor function. This affects OpenKM installations where attackers can submit specially crafted XML documents. Organizations using vulnerable OpenKM versions for document management are at risk.

💻 Affected Systems

Products:
  • OpenKM Document Management System
Versions: v6.3.10 and earlier versions
Operating Systems: All platforms running OpenKM
Default Config Vulnerable: ⚠️ Yes
Notes: All OpenKM installations using the vulnerable XMLTextExtractor function are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise including extraction of sensitive files, configuration data, and potentially credentials from the server.

🟠 Likely Case

Unauthorized access to sensitive documents and metadata stored in the OpenKM system.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH - Web-accessible document management systems are prime targets for information disclosure attacks.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to access unauthorized documents.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in XML parsing and requires minimal technical skill to exploit with available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit ce1d82329615aea6aa9f2cc6508c1fe7891e34b5 and later versions

Vendor Advisory: https://github.com/openkm/document-management-system/commit/ce1d82329615aea6aa9f2cc6508c1fe7891e34b5

Restart Required: Yes

Instructions:

1. Update OpenKM to a version after commit ce1d82329615aea6aa9f2cc6508c1fe7891e34b5.
2. Restart the OpenKM service.
3. Verify the fix by testing XML upload functionality.

🔧 Temporary Workarounds

Disable XML upload functionality
  Applies to: all
  • Temporarily disable XML document uploads in OpenKM configuration
  • Edit OpenKM configuration to restrict XML file uploads

Implement WAF rules
  Applies to: all
  • Add web application firewall rules to block XXE payloads
  • Add WAF rules to detect and block XML external entity declarations

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate OpenKM from untrusted networks
  • Deploy application-level monitoring for XML parsing anomalies and file extraction attempts

🔍 How to Verify

Check if Vulnerable:

Test by uploading an XML file containing an XXE payload to OpenKM and checking whether it extracts system files.

Check Version:

Check OpenKM version in administration panel or via system configuration files

Verify Fix Applied:

Attempt the same XXE payload after patching; it should be rejected or processed safely without file extraction.

📡 Detection & Monitoring

Log Indicators:

  • Unusual XML file uploads
  • Multiple failed XML parsing attempts
  • Requests to system files from XML processing

Network Indicators:

  • XML payloads containing file:// or http:// entities
  • Unusual outbound connections from OpenKM server
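The WAF workaround above ("detect and block XML external entity declarations") and the network indicator "XML payloads containing file:// or http:// entities" both reduce to a screen on the raw upload before any parser sees it. The following is an added example of such a screen, not OpenKM's code or the project's fix; sample documents are constructed, and the indicator names are this example's own.

```python
import re

# Pre-parser screen for XML uploads (added example, not OpenKM's code): flags the
# DTD constructs an XXE payload depends on before the bytes reach a parser such
# as XMLTextExtractor. It deliberately errs on the side of flagging, so a
# declaration that only appears inside an XML comment still counts.

DOCTYPE_RE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)
PARAM_ENTITY_RE = re.compile(rb"<!ENTITY\s+%", re.IGNORECASE)  # parameter entities chain payloads
# <!ENTITY name SYSTEM "uri"> or <!ENTITY name PUBLIC "pubid" "uri">; captures the system literal.
EXTERNAL_ENTITY_RE = re.compile(
    rb"<!ENTITY\s+(?:%\s*)?[^\s%>]+\s+"
    rb"(?:SYSTEM|PUBLIC\s+(?:\"[^\"]*\"|'[^']*'))"
    rb"\s+(?:\"([^\"]*)\"|'([^']*)')",
    re.IGNORECASE,
)

def normalize(data: bytes) -> bytes:
    """Re-encode BOM-marked UTF-16 uploads so the ASCII regexes do not miss them."""
    for bom, enc in ((b"\xff\xfe", "utf-16-le"), (b"\xfe\xff", "utf-16-be")):
        if data.startswith(bom):
            return data[len(bom):].decode(enc, errors="replace").encode("utf-8")
    return data

def xxe_indicators(data: bytes) -> list:
    """Return indicator tags found in raw XML bytes, e.g. ['doctype', 'external_entity:file']."""
    data = normalize(data)
    found = []
    if DOCTYPE_RE.search(data):
        found.append("doctype")
    if PARAM_ENTITY_RE.search(data):
        found.append("parameter_entity")
    for m in EXTERNAL_ENTITY_RE.finditer(data):
        uri = m.group(1) if m.group(1) is not None else m.group(2)
        # Scheme of the system literal (file, http, jar, ...); no colon means a relative path.
        scheme = uri.split(b":", 1)[0].lower().decode("ascii", "replace") if b":" in uri else "relative"
        found.append("external_entity:" + scheme)
    return found

def should_block(data: bytes) -> bool:
    """WAF-style decision: reject any upload that declares external or parameter entities."""
    return any(tag.startswith("external_entity") or tag == "parameter_entity"
               for tag in xxe_indicators(data))

# Constructed samples for a quick self-check (not captured traffic).
BENIGN = b'<?xml version="1.0"?><doc xmlns="http://example.com/ns"><t>hello</t></doc>'
EXTERNAL = (b'<?xml version="1.0"?><!DOCTYPE d [<!ENTITY ext SYSTEM "file:///example/path">]>'
            b'<d>&ext;</d>')
```

Namespace URIs in element attributes are not flagged, because only system literals inside entity declarations are inspected; a DOCTYPE on its own is logged but not blocked, so tune `should_block` to the strictness your deployment can tolerate.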

SIEM Query:

source="openkm" AND (message="XML parsing error" OR (message="file upload" AND file_extension="xml"))

🔗 References
