XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-09T20:15:08

Updated: 2024-08-03T00:39:07.716Z

Reserved: 2022-07-18T00:00:00

Link: CVE-2022-2458

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-10T20:15:36.367

Modified: 2024-11-21T07:01:01.700

Link: CVE-2022-2458

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-07-18T00:00:00Z

Links: CVE-2022-2458 - Bugzilla