XML External Entity (XXE) Vulnerability in Safe Software FME Server v2021.2.5 and v2022.0.0.2 and Below

XML External Entity (XXE) Vulnerability in Safe Software FME Server v2021.2.5 and v2022.0.0.2 and Below

CVE-2022-38342 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.

Learn more about our Cis Benchmark Audit For Server Software.