CVE-2022-2458
Last modified
CVE-2022-2458 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. EPSS estimates a 0.67% chance of exploitation in the next 30 days.
Description
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Process Automation Manager | < 7.13.1 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0Issue Tracking, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-2458?
How severe is CVE-2022-2458?
How do I fix CVE-2022-2458?
Are you affected by CVE-2022-2458?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST