← Back

CVE-2022-45326

nvd nist
Published: Dec 6, 2022Modified: Apr 23, 2025

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

Affected (6)

Kwoksys
1 product
Information Server
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Kwoksys
Information Server
Before 2.9.5
Information Server
Version 2.9.5 sp23
Information Server
Version 2.9.5 sp25
Information Server
Version 2.9.5 sp26
Information Server
Version 2.9.5 sp29
Information Server
Version 2.9.5 sp30

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory

Timeline

No history available yet.