CVE-2022-47514

Name of the Vulnerable Software and Affected Versions XML-RPC.NET versions prior to 2.5.0

Description An XML external entity (XXE) injection issue allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. This can be demonstrated by a "pingback.aspx" POST request.

Recommendations For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the XML-RPC.NET service until a patch is applied.