CVE-2022-1331 MEDIUM

CVE-2022-1331: Delta Electronics DMARS Improper Restriction of XML External Entity Reference

Vendor Delta Electronics
Product DMARS
Weakness CWE-611 · XXE
Published May 3, 2022
Last update April 16, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.

Key dates

02Disclosure timeline

May 3, 2022 CVE published
April 16, 2025 Record updated