8 matches found
CVE-2022-38339
CVE-2022-38339 concerns Safe Software FME Server, with a reported cross-site scripting (XSS) vulnerability on the login page. Affected versions include v2021.2.5, v2022.0.0.2 and earlier (per multiple sources in the connected set). The root cause is an XSS flaw that permits execution of arbitrary...
CVE-2022-38342
CVE-2022-38342 affects Safe Software FME Server: configured versions prior to v2022.0.1.1 (e.g., v2021.2.5 and v2022.0.0.2 and below) contain a XML External Entity (XXE) vulnerability that allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF). Root caus...
CVE-2020-22790
CVE-2020-22790 is an authenticated stored XSS in Safe FME Server (2019.2 and 2020.0 Beta). The vulnerability arises from allowing an attacker to inject arbitrary script/HTML by modifying a user’s name, with the XSS triggered when an administrator views the logs. The affected product is Safe FME S...
CVE-2020-22789
The CVE-2020-22789 entry concerns an Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta. The underlying issue allows an attacker to escalate to admin privileges by injecting arbitrary script/HTML via the login page, with the XSS executed when an administrator accesses the lo...
CVE-2022-38340
CVE-2022-38340 affects Safe Software FME Server; a Path Traversal flaw exists in the fmedataupload component and is described for FME Server versions before a likely fixed point (v2022.0.1.1 per PT-2022-24378 wording). The vulnerability enables uploading files to arbitrary locations on the server...
CVE-2022-38341
Safe Software FME Server is affected by CVE-2022-38341 due to lack of server-side validation when creating a new user. Affected versions are v2021.2.5 and below (and related disclosures reference v2022.0.1.1 and earlier in some sources). The Red Hat and NVD records confirm the issue, describing a...
CVE-2023-35801
Affected software: Safe Software FME Server (prior to 2022.2.5). Vulnerability: directory traversal exposing the ability to bypass validation when editing a network-based resource connection, enabling unauthorized reading and writing of arbitrary files. Requirements/impact: attacker must have a u...
CVE-2018-20402
CVE-2018-20402 affects Safe Software FME Server up to version 2018.1. The vulnerability enables three additional accounts (guest, user, author) in addition to the initial administrator, with passwords equal to their usernames. Logging in with these accounts grants the corresponding default privil...