Lucene search

[email protected]CVE-2022-38342

HistorySep 13, 2022 - 8:15 p.m.

CVE-2022-38342

2022-09-1320:15:09

CWE-611

[email protected]

web.nvd.nist.gov

safe software

fme server

xxe vulnerability

data exfiltration

ssrf

cve-2022-38342

nvd

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

28.4%

JSON

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.

Affected configurations

NVD

Node

safefme_serverRange<2021.2.6.0

safefme_serverRange2022.0.0.0–2022.0.0.2

CPENameOperatorVersion
safe:fme_serversafe fme serverlt2021.2.6.0
safe:fme_serversafe fme serverlt2022.0.0.2

CPE	Name	Operator	Version
safe:fme_server	safe fme server	lt	2021.2.6.0
safe:fme_server	safe fme server	lt	2022.0.0.2

References

community.safe.com/s/article/Known-Issue-FME-Server-XXE-vulnerability-via-adding-a-repository-item

www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/

Social References

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

0.001 Low

EPSS

Percentile

28.4%

JSON

Related for CVE-2022-38342

prion1 nvd1 cvelist1