CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2022-3340 (GCVE-0-2022-3340)
Vulnerability from cvelistv5 – Published: 2022-11-04 00:00 – Updated: 2025-04-30 14:33
VLAI
Title
Trellix IPS Manager vulnerable to XXE
Summary
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference (CWE-611)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trellix | Trellix IPS Manager |
Affected:
unspecified , < 10.1 M10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10388"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T14:33:11.428291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T14:33:30.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Trellix IPS Manager",
"vendor": "Trellix",
"versions": [
{
"lessThan": "10.1 M10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Improper Restriction of XML External Entity Reference (CWE-611)\u202f",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-04T00:00:00.000Z",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"url": "https://kcm.trellix.com/corporate/index?page=content\u0026id=SB10388"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Trellix IPS Manager vulnerable to XXE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2022-3340",
"datePublished": "2022-11-04T00:00:00.000Z",
"dateReserved": "2022-09-27T00:00:00.000Z",
"dateUpdated": "2025-04-30T14:33:30.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35168 (GCVE-0-2022-35168)
Vulnerability from cvelistv5 – Published: 2022-07-12 20:27 – Updated: 2024-08-03 09:29
VLAI
Summary
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-16… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/3211203 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Business one |
Affected:
10.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/3211203"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Business one",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T20:27:54.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/3211203"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2022-35168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business one",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.0"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative."
}
]
},
"impact": {
"cvss": {
"baseScore": "null",
"vectorString": "null",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"refsource": "MISC",
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"name": "https://launchpad.support.sap.com/#/notes/3211203",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/3211203"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2022-35168",
"datePublished": "2022-07-12T20:27:54.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:29:17.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36969 (GCVE-0-2022-36969)
Vulnerability from cvelistv5 – Published: 2023-03-29 00:00 – Updated: 2025-02-18 16:43
VLAI
Summary
This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LoadImportedLibraries method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-17394.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1128/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-36969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:43:15.438562Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:43:19.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Edge",
"vendor": "AVEVA",
"versions": [
{
"status": "affected",
"version": "2020 SP2 Patch 0(4201.2111.1802.0000)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LoadImportedLibraries method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-17394."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2022-005.pdf"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1128/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-36969",
"datePublished": "2023-03-29T00:00:00.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-02-18T16:43:19.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38389 (GCVE-0-2022-38389)
Vulnerability from cvelistv5 – Published: 2023-02-02 18:00 – Updated: 2025-03-25 19:49
VLAI
Title
IBM Tivoli Workload Scheduler XML external entity injection
Summary
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6890695 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Tivoli Workload Scheduler |
Affected:
9.4, 9.5, 10.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6890695"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233975"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T19:48:31.503050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T19:49:50.851Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Tivoli Workload Scheduler",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.4, 9.5, 10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975."
}
],
"value": "IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-02T18:00:54.967Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6890695"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233975"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Tivoli Workload Scheduler XML external entity injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-38389",
"datePublished": "2023-02-02T18:00:54.967Z",
"dateReserved": "2022-08-16T18:42:49.433Z",
"dateUpdated": "2025-03-25T19:49:50.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38419 (GCVE-0-2022-38419)
Vulnerability from cvelistv5 – Published: 2022-10-14 19:42 – Updated: 2025-04-23 16:48
VLAI
Title
Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read
Summary
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | ColdFusion |
Affected:
unspecified , ≤ CF2021U4
(custom)
Affected: unspecified , ≤ CF2018u14 (custom) Affected: unspecified , ≤ None (custom) |
Date Public
2022-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:06:06.605739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:48:51.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ColdFusion",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "CF2021U4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "CF2018u14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) (CWE-611)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-25T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe ColdFusion Solr Service XML External Entity Processing Arbitrary file system read"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-38419",
"datePublished": "2022-10-14T19:42:56.674Z",
"dateReserved": "2022-08-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:48:51.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39135 (GCVE-0-2022-39135)
Vulnerability from cvelistv5 – Published: 2022-09-11 00:00 – Updated: 2024-08-03 11:10
VLAI
Title
Apache Calcite: potential XEE attacks
Summary
Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators.
Severity
No CVSS data available.
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Calcite |
Affected:
1.22.0 , < 1.32.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082"
},
{
"name": "[oss-security] 20221121 Apache Solr is vulnerable to CVE-2022-39135 via /sql handler",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/21/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Calcite",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.32.0",
"status": "affected",
"version": "1.22.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Calcite would like to thank David Handermann for reporting this issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-20T17:43:18.972Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/ohdnhlgm6jvt3srw8l7spkm2d5vwm082"
},
{
"name": "[oss-security] 20221121 Apache Solr is vulnerable to CVE-2022-39135 via /sql handler",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/21/3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Calcite: potential XEE attacks",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-39135",
"datePublished": "2022-09-11T00:00:00.000Z",
"dateReserved": "2022-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T11:10:32.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39954 (GCVE-0-2022-39954)
Vulnerability from cvelistv5 – Published: 2023-02-16 18:06 – Updated: 2024-10-23 14:45
VLAI
Summary
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Information disclosure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiNAC |
Affected:
9.4.0 , ≤ 9.4.1
(semver)
Affected: 9.2.0 , ≤ 9.2.7 (semver) Affected: 9.1.0 , ≤ 9.1.8 (semver) Affected: 8.8.0 , ≤ 8.8.11 (semver) Affected: 8.7.0 , ≤ 8.7.6 (semver) Affected: 8.6.0 , ≤ 8.6.5 (semver) Affected: 8.5.0 , ≤ 8.5.4 (semver) Affected: 8.3.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:07:42.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-304",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-22-304"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:15:46.786394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:45:55.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiNAC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "9.4.1",
"status": "affected",
"version": "9.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.2.7",
"status": "affected",
"version": "9.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.1.8",
"status": "affected",
"version": "9.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.11",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.6",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.5",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.4",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T18:06:50.083Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-22-304",
"url": "https://fortiguard.com/psirt/FG-IR-22-304"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiNAC version 9.4.2 or above\r\nPlease upgrade to FortiNAC version 7.2.0 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-39954",
"datePublished": "2023-02-16T18:06:50.083Z",
"dateReserved": "2022-09-05T13:11:35.554Z",
"dateUpdated": "2024-10-23T14:45:55.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40705 (GCVE-0-2022-40705)
Vulnerability from cvelistv5 – Published: 2022-09-22 08:15 – Updated: 2024-08-03 12:21 Unsupported When Assigned
VLAI
Title
Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP
Summary
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/02yo04w93rdjmllz4… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2022/09/22/1 | mailing-listx_refsource_MLIST |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache SOAP |
Affected:
2.2 , < Apache SOAP*
(custom)
|
|
| apache | soap |
Affected:
2.2 , < *
(custom)
cpe:2.3:a:apache:soap:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:soap:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "soap",
"vendor": "apache",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "2.2",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T18:54:06.693786Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T19:18:33.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl"
},
{
"name": "[oss-security] 20220922 CVE-2022-40705: Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/22/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache SOAP",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.2",
"status": "unknown"
}
],
"lessThan": "Apache SOAP*",
"status": "affected",
"version": "2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache would like to thank TsungShu Chiu (CHT Security) for reporting this issue"
}
],
"descriptions": [
{
"lang": "en",
"value": "An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"metrics": [
{
"other": {
"content": {
"other": "important"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-22T11:05:59.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl"
},
{
"name": "[oss-security] 20220922 CVE-2022-40705: Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/22/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP",
"workarounds": [
{
"lang": "en",
"value": "We do not expect to release a version that fixes this problem. Instead, we recommend users to migrate to one of the other actively maintained web service stacks such as Apache CXF (https://cxf.apache.org) or Apache Axis (https://axis.apache.org).\n\nApache SOAP is an archived project, with the last release published in 2003. This means it is no longer maintained, does not receive updates, and we do not commit to publishing CVE\u0027s for security problems in this project. This advisory is published purely as a courtesy."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-40705",
"STATE": "PUBLIC",
"TITLE": "Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache SOAP",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "Apache SOAP",
"version_value": "2.2"
},
{
"version_affected": "?\u003c",
"version_name": "Apache SOAP",
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache would like to thank TsungShu Chiu (CHT Security) for reporting this issue"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "important"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl"
},
{
"name": "[oss-security] 20220922 CVE-2022-40705: Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/09/22/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "We do not expect to release a version that fixes this problem. Instead, we recommend users to migrate to one of the other actively maintained web service stacks such as Apache CXF (https://cxf.apache.org) or Apache Axis (https://axis.apache.org).\n\nApache SOAP is an archived project, with the last release published in 2003. This means it is no longer maintained, does not receive updates, and we do not commit to publishing CVE\u0027s for security problems in this project. This advisory is published purely as a courtesy."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-40705",
"datePublished": "2022-09-22T08:15:16.000Z",
"dateReserved": "2022-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T12:21:46.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41967 (GCVE-0-2022-41967)
Vulnerability from cvelistv5 – Published: 2022-12-27 23:45 – Updated: 2025-04-14 16:23
VLAI
Title
Improper Restriction of XML External Entity Reference in Dragonfly
Summary
Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/HyperaDev/Dragonfly/security/a… | x_refsource_CONFIRM |
| https://github.com/HyperaDev/Dragonfly/commit/966… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:56:39.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/HyperaDev/Dragonfly/security/advisories/GHSA-6x3m-96qp-mmxv",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/HyperaDev/Dragonfly/security/advisories/GHSA-6x3m-96qp-mmxv"
},
{
"name": "https://github.com/HyperaDev/Dragonfly/commit/9661375e1135127ca6cdb5712e978bec33cc06b3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/HyperaDev/Dragonfly/commit/9661375e1135127ca6cdb5712e978bec33cc06b3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:21:19.096339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T16:23:21.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dragonfly",
"vendor": "HyperaDev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.3.0-SNAPSHOT, \u003c 0.3.1-SNAPSHOT"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T23:45:00.786Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/HyperaDev/Dragonfly/security/advisories/GHSA-6x3m-96qp-mmxv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/HyperaDev/Dragonfly/security/advisories/GHSA-6x3m-96qp-mmxv"
},
{
"name": "https://github.com/HyperaDev/Dragonfly/commit/9661375e1135127ca6cdb5712e978bec33cc06b3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/HyperaDev/Dragonfly/commit/9661375e1135127ca6cdb5712e978bec33cc06b3"
}
],
"source": {
"advisory": "GHSA-6x3m-96qp-mmxv",
"discovery": "UNKNOWN"
},
"title": "Improper Restriction of XML External Entity Reference in Dragonfly"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-41967",
"datePublished": "2022-12-27T23:45:00.786Z",
"dateReserved": "2022-09-30T16:38:28.949Z",
"dateUpdated": "2025-04-14T16:23:21.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42341 (GCVE-0-2022-42341)
Vulnerability from cvelistv5 – Published: 2022-10-14 19:42 – Updated: 2025-04-23 16:48
VLAI
Title
Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system read
Summary
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | ColdFusion |
Affected:
unspecified , ≤ CF2021U4
(custom)
Affected: unspecified , ≤ CF2018u14 (custom) Affected: unspecified , ≤ None (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:03:45.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:05:55.583185Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:48:08.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ColdFusion",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "CF2021U4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "CF2018u14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) (CWE-611)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-14T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe ColdFusion Improper Restriction of XML External Entity Reference Arbitrary file system read"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2022-42341",
"datePublished": "2022-10-14T19:42:58.021Z",
"dateReserved": "2022-10-03T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:48:08.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Implementation, System Configuration
Description:
- Many XML parsers and validators can be configured to disable external entity expansion.
CAPEC-221: Data Serialization External Entities Blowup
This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.