CVE-2020-22789

Name of the Vulnerable Software and Affected Versions FME Server versions 2019.2 and 2020.0 Beta

Description The issue allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The malicious script is executed when an administrator accesses the logs.

Recommendations For FME Server version 2019.2, update to a version that contains a fix for this issue. For FME Server version 2020.0 Beta, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the login page and the logs to minimize the risk of exploitation.