CVE-2022-38342 HIGH

CVE-2022-38342

Vendor N/A
Product n/a
Published September 13, 2022
Last update August 3, 2024

CVSS base score

8.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N

What the vulnerability does

01Description

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.

Key dates

02Disclosure timeline

September 13, 2022 CVE published
August 3, 2024 Record updated