CVE-2022-38342

Опубликовано: 13 сент. 2022

Источник: nvd

CVSS3: 8.5

CVSS3: 6.5

EPSS Низкий

Описание

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.

Ссылки

https://community.safe.com/s/article/Known-Issue-FME-Server-XXE-vulnerability-via-adding-a-repository-item
Vendor Advisory
https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/
Third Party Advisory
https://community.safe.com/s/article/Known-Issue-FME-Server-XXE-vulnerability-via-adding-a-repository-item
Vendor Advisory
https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:safe:fme_server:*:*:*:*:*:*:*:*

Версия до 2021.2.6.0 (исключая)

cpe:2.3:a:safe:fme_server:*:*:*:*:*:*:*:*

Версия от 2022.0.0.0 (включая) до 2022.0.0.2 (исключая)

EPSS

Процентиль: 57%

0.00345

Низкий

8.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-g83j-rjq4-8487

CVSS3: 6.5

github

больше 3 лет назад

Safe Software FME Server v2022.0.1.1 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.

EPSS

Процентиль: 57%

0.00345

Низкий

8.5 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-611