
Morpheusdata

morpheusdata

1 CVE • 1 product

Products (1)

Morpheus
morpheus

CVEs (1)

Vendors: 1 (Morpheusdata)
Products: 1 (Morpheus)
Updated: Nov 21, 2024
Published: May 24, 2022
CVSS: N/A (v4), 7.5 HIGH (v3), 4.3 MEDIUM (v2)
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to.