1. Home
  2. CVE Database
  3. CVE-2022-2458
HIGH · 8.2

CVE-2022-2458

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an ...

Vulnerability Description

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
RedhatProcess Automation Manager< 7.13.1

Related Weaknesses (CWE)

CWE-91CWE-611

References

FAQ

What is CVE-2022-2458?

CVE-2022-2458 is a vulnerability with a CVSS score of 8.2 (HIGH). XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an ...

How severe is CVE-2022-2458?

CVE-2022-2458 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-2458?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Process Automation Manager.