exploitDog

CVE-2022-2414

Published: 10 Jun 2022
Source: redhat
CVSS3: 7.5
EPSS: Critical

Description

A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

Mitigation

There is no known mitigation for this issue; please update the affected package as soon as possible.

Affected packages

| Platform | Package | State | Advisory | Released |
| --- | --- | --- | --- | --- |
| Red Hat Certificate System 10 | pki-core | Affected | | |
| Red Hat Enterprise Linux 6 | pki-core | Out of support scope | | |
| Red Hat Certificate System 9.7 | pki-core | Fixed | RHSA-2022:8915 | 12.12.2022 |
| Red Hat Enterprise Linux 7 | pki-core | Fixed | RHSA-2022:8799 | 06.12.2022 |
| Red Hat Enterprise Linux 8 | pki-core | Fixed | RHSA-2022:7470 | 08.11.2022 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | pki-core | Fixed | RHSA-2023:1747 | 12.04.2023 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | pki-core | Fixed | RHSA-2023:1747 | 12.04.2023 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | pki-core | Fixed | RHSA-2023:1747 | 12.04.2023 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | pki-core | Fixed | RHSA-2023:1966 | 25.04.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | pki-core | Fixed | RHSA-2023:3394 | 31.05.2023 |

Additional information

Status: Important
Defect: CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=2104676 (pki-core: access to external entities when parsing XML can lead to XXE)

EPSS: 0.91576 (percentile: 100%, Critical)

CVSS3: 7.5 High

Related vulnerabilities

ubuntu (CVSS3: 7.5, almost 3 years ago)

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

nvd (CVSS3: 7.5, almost 3 years ago)

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

debian (CVSS3: 7.5, almost 3 years ago)

Access to external entities when parsing XML documents can lead to XML ...

redos (CVSS3: 7.5, about 2 years ago)

pki-core vulnerability

rocky (more than 2 years ago)

Important: pki-core:10.6 and pki-deps:10.6 security and bug fix update
