How severe is CVE-2022-2458?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2022-2458?

This is classified as CWE-91, which is a common weakness in software security.

CVE-2022-2458 - HIGH Severity | CVSS 8.2

Vulnerability Description

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs.

Related Vulnerabilities

CVE-2020-6271

HIGH

CVSS:8.2(High)

SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and rea...

CWE-912020

CVE-2022-46751

HIGH

CVSS:8.2(High)

Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy pri...

CWE-912022

CVE-2024-42374

HIGH

CVSS:8.2(High)

BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. An attacker can retrieve information from the SAP ADS system and exhaust the n...

CWE-912024

CVE-2019-0268

HIGH

CVSS:8.1(High)

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.

CWE-912019

CVE-2022-22784

HIGH

CVSS:8.1(High)

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of ...

CWE-912022

CVE-2024-28109

HIGH

CVSS:8.1(High)

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This ...

CWE-912024