Fme Server Security Vulnerabilities and Issues — Fme Server CVE List

Lucene search

SafeFme Server

4 matches found

CVE•added 2022/09/13 8:15 p.m.•47 views

CVE-2022-38342

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.

8.5CVSS6.5AI score0.00205EPSS

CVE•added 2022/09/19 10:15 p.m.•42 views

CVE-2022-38339

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.

9.6CVSS5.9AI score0.00569EPSS

CVE•added 2022/09/20 6:15 p.m.•35 views

CVE-2022-38340

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload.

9.1CVSS7AI score0.00341EPSS

CVE•added 2022/09/19 2:15 p.m.•35 views

CVE-2022-38341

Safe Software FME Server v2021.2.5 and below does not employ server-side validation.

7.1CVSS6.9AI score0.00215EPSS