CVE-2022-38342 FME Server v2021.2.5, v2022.0.0.2 and older contains an XXE vulnerability which allows attackers to exfiltrate data or perform SSRF.
An attacker can exploit this vulnerability by sending a specially crafted request to the affected application, causing a denial of service condition for the server.
CVE-2022-40323 SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
This was addressed in 22.1.66.13 and later. Cisco WebEx Teams does not support the use of XSS in any of its components.
CVE-2022-36093 XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. User accounts can be created even when user registration is disabled.
The template which comes with the installation media, xpart.vm, is a template for the installation of XWiki and cannot be used for creating new
CVE-2022-37189 DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service.
If external entities are not prevented from being loaded into an application, then they can be used to corrupt data or cause other problems. For
CVE-2022-36773 IBM Cognos Analytics is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
In certain configurations, IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a Denial of Service (DoS) attack.