Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-2458

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs.

Published

2022-08-10T20:15:36.367

Last Modified

2024-11-21T07:01:01.700

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Secondary
CWE-91
Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	process_automation_manager	< 7.13.1	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0 Issue Tracking, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)