CVE-2021-28110 Description TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in XML-parser that was fixed with a notification sent to customers. Additional Information During penetration testing of clients' infrastructure, several vulnerabilities in third-party software - TranzWare e-Commerce Payment Gateway (TWEC PG) - were discovered. The Software Development Company confirmed the vulnerabilities had been fixed and the patched software had been released. Vulnerability Type Other Fixed with a notification sent to customers using TWEC PG. Vendor of Product Compass Plus Ltd. Affected Product Code Base TranzWare e-Commerce Payment Gateway (TWEC PG) - before 3.1.27.5 Attack Type Remote Affected Component /exec Discoverers Dmitriy Tatarov Evgeny Borovkov Deiteriy Co. Ltd. Reference https://compassplus.ru/solutions/plug-play/merchant-acquiring/