PT-2022-27424 · Unknown · Cbrn-Analysis
Dawid Czarnecki +1 · Published 2022-11-11 · Updated 2022-11-16 · CVE-2022-45194
CVSS v3.1: 4.7 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CBRN-Analysis versions prior to 22
Description
The issue allows XXE attacks via an XML document, leading to NTLMv2-SSP hash disclosure. This occurs when processing a malicious XML document.
Recommendations
For versions prior to 22, update to version 22 or later to resolve the issue. As a temporary workaround, consider restricting the processing of external XML documents to minimize the risk of exploitation. Avoid using the am mws XML document in the affected system until the issue is resolved.
Fix
XXE
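One way to apply the temporary workaround is to screen XML files before they are opened in an affected version. The following Python is an added example, not code from CBRN-Analysis or from this advisory. It assumes the hash disclosure arises when the parser dereferences an external identifier that names a remote host; the function names and sample documents are hypothetical.

```python
import re
from urllib.parse import urlsplit

# SYSTEM "uri" or PUBLIC "id" "uri" inside a DOCTYPE or ENTITY declaration.
_EXTERNAL_ID = re.compile(
    r"<!(?:DOCTYPE|ENTITY)\b[^>\[]*?\b(?:SYSTEM|PUBLIC\s+(?:\"[^\"]*\"|'[^']*'))"
    r"\s+(?:\"([^\"]*)\"|'([^']*)')",
    re.IGNORECASE,
)

def _decode(data: bytes) -> str:
    # UTF-16 would hide "<!DOCTYPE" from a byte-level search, so decode first;
    # dropping NULs also covers UTF-16 sent without a byte-order mark.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace").replace("\x00", "")
    return data.decode("utf-8-sig", errors="replace").replace("\x00", "")

def _names_remote_host(target: str) -> bool:
    # UNC paths (\\host\share) become //host/share so urlsplit sees the host.
    try:
        return bool(urlsplit(target.strip().replace("\\", "/")).netloc)
    except ValueError:
        return True  # unparseable target: fail closed

def screen_xml(data: bytes) -> dict:
    """Policy (an assumption of this example): any DTD blocks the document."""
    text = _decode(data)
    has_dtd = re.search(r"<!DOCTYPE", text, re.IGNORECASE) is not None
    external = [a or b for a, b in _EXTERNAL_ID.findall(text)]
    return {
        "allowed": not has_dtd,
        "external": external,  # every external identifier found
        "remote": [t for t in external if _names_remote_host(t)],
    }

# Constructed samples; the host is a placeholder under the reserved .example TLD.
SAMPLE_PLAIN = b"<?xml version='1.0'?><report><cell>A1</cell></report>"
SAMPLE_EXTERNAL = (
    b"<?xml version='1.0'?>\n"
    b'<!DOCTYPE report [ <!ENTITY ref SYSTEM "http://files.example/ref.txt"> ]>\n'
    b"<report>&ref;</report>"
)

if __name__ == "__main__":
    for name, doc in (("plain", SAMPLE_PLAIN), ("external", SAMPLE_EXTERNAL)):
        print(name, screen_xml(doc))
```

The `remote` list is the part worth logging: those are the targets that would cause an outbound connection if the document were parsed.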
Affected Products
Cbrn-Analysis