CVE-2022-38342

medium

Description

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain an XML External Entity (XXE) vulnerability that allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.

References

https://www.cycura.com/blog/safe-software-inc-fme-server-vulnerability-disclosure/

https://community.safe.com/s/article/Known-Issue-FME-Server-XXE-vulnerability-via-adding-a-repository-item

Details

Source: Mitre, NVD

Published: 2022-09-13

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00099