← back
CVE-2022-38342

CVE-2022-38342

CVSS 8.5 HIGHEPSS 0.5%
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.
CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://community.safe.com/s/article/Known-Issue-FME-Server-XXE-vulnerability-via-adding-a-repository-itemhttps://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/