Severity: 8.2 HIGH
EPSS: 0.5% (top 34.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 10; Latest update Jun 18

Description

XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external ent

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Exploitability: 3.9 | Impact: 4.2

Affected Packages: 2 packages

🔴 Vulnerability Details

2
GHSA
GHSA-hfj4-xq5f-7mc7: XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data (2022-08-11)
CVEList
CVE-2022-2458: XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data (2022-08-09)

📋 Vendor Advisories

7
Red Hat
kernel: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (2025-06-18)
Red Hat
kernel: gadgetfs: ep_io - wait until IRQ finishes (2025-06-18)
Red Hat
kernel: ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe (2025-06-18)
Red Hat
kernel: usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (2025-06-18)
Red Hat
kernel: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. (2025-02-26)