Lucene search
+L
SafeFme Server

8 matches found

cve
cve
added 2022/09/19 12:0 a.m.69 views

CVE-2022-38339

CVE-2022-38339 concerns Safe Software FME Server, with a reported cross-site scripting (XSS) vulnerability on the login page. Affected versions include v2021.2.5, v2022.0.0.2 and earlier (per multiple sources in the connected set). The root cause is an XSS flaw that permits execution of arbitrary...

9.6CVSS5.9AI score0.00482EPSS
cve
cve
added 2022/09/13 12:0 a.m.63 views

CVE-2022-38342

CVE-2022-38342 affects Safe Software FME Server: configured versions prior to v2022.0.1.1 (e.g., v2021.2.5 and v2022.0.0.2 and below) contain a XML External Entity (XXE) vulnerability that allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF). Root caus...

8.5CVSS6.5AI score0.00508EPSS
cve
cve
added 2021/04/28 8:42 p.m.60 views

CVE-2020-22790

CVE-2020-22790 is an authenticated stored XSS in Safe FME Server (2019.2 and 2020.0 Beta). The vulnerability arises from allowing an attacker to inject arbitrary script/HTML by modifying a user’s name, with the XSS triggered when an administrator views the logs. The affected product is Safe FME S...

5.4CVSS5.3AI score0.01287EPSS
cve
cve
added 2021/04/28 8:43 p.m.52 views

CVE-2020-22789

The CVE-2020-22789 entry concerns an Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta. The underlying issue allows an attacker to escalate to admin privileges by injecting arbitrary script/HTML via the login page, with the XSS executed when an administrator accesses the lo...

6.1CVSS6AI score0.01244EPSS
cve
cve
added 2022/09/20 12:0 a.m.51 views

CVE-2022-38340

CVE-2022-38340 affects Safe Software FME Server; a Path Traversal flaw exists in the fmedataupload component and is described for FME Server versions before a likely fixed point (v2022.0.1.1 per PT-2022-24378 wording). The vulnerability enables uploading files to arbitrary locations on the server...

9.1CVSS7AI score0.0097EPSS
cve
cve
added 2022/09/19 12:0 a.m.50 views

CVE-2022-38341

Safe Software FME Server is affected by CVE-2022-38341 due to lack of server-side validation when creating a new user. Affected versions are v2021.2.5 and below (and related disclosures reference v2022.0.1.1 and earlier in some sources). The Red Hat and NVD records confirm the issue, describing a...

7.1CVSS6.9AI score0.005EPSS
cve
cve
added 2023/06/23 12:0 a.m.49 views

CVE-2023-35801

Affected software: Safe Software FME Server (prior to 2022.2.5). Vulnerability: directory traversal exposing the ability to bypass validation when editing a network-based resource connection, enabling unauthorized reading and writing of arbitrary files. Requirements/impact: attacker must have a u...

8.1CVSS8AI score0.01464EPSS
cve
cve
added 2018/12/23 9:0 p.m.45 views

CVE-2018-20402

CVE-2018-20402 affects Safe Software FME Server up to version 2018.1. The vulnerability enables three additional accounts (guest, user, author) in addition to the initial administrator, with passwords equal to their usernames. Logging in with these accounts grants the corresponding default privil...

8.8CVSS8.7AI score0.01035EPSS