PT-2022-27728 · Unknown · 3D City Database Ogc Web Feature Service
Published
2022-12-18
·
Updated
2024-05-17
·
CVE-2022-4607
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
3D City Database OGC Web Feature Service versions up to 5.2.1
Description
A vulnerability was found in the 3D City Database OGC Web Feature Service, which affects some unknown processing and leads to xml external entity reference. The manipulation of this issue has been rated as problematic.
Recommendations
For versions up to 5.2.1, upgrade to version 5.3.0 to address this issue. It is recommended to upgrade the affected component. As a temporary workaround, consider restricting the use of the xml external entity reference functionality until the patch is applied.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
3D City Database Ogc Web Feature Service