Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
CVE-2021-40690 is a high severity vulnerability with a CVSS score of 7.5. No known exploits currently, and patches are available.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.
Moderate probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
| Vendor | Product |
|---|---|
| Oracle | Communications Messaging Server |
| Oracle | Retail Merchandising System |
| Oracle | Retail Bulk Data Integration |
| Oracle | Retail Financial Integration |
| Oracle | Retail Integration Bus |
| Oracle | Retail Service Backbone |
| Debian | Debian Linux |
| Oracle | Flexcube Private Banking |
| Oracle | Weblogic Server |
| Oracle | Commerce Guided Search |
And 8 more...