PT-2022-4240 · Pki-Core+8 · Pki-Core+8

Egor Dimitrenko

Published

2022-06-10

Updated

2025-09-29

CVE-2022-2414

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions pki-core versions (affected versions not specified)

Description The issue is related to the incorrect restriction of XML external entities, which can lead to XML external entity (XXE) attacks. A remote attacker can potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. The vulnerability is associated with insufficient validation of user-input XML data, allowing an attacker to view the contents of arbitrary files on the server or initiate requests to external systems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

ALSA-2022:7326

ALSA-2022:7470

ALSA-2022_7326

ALSA-2022_7470

ALSA-2025_16880

BDU:2022-05089

CESA-2022_7470

CESA-2022_8799

CVE-2022-2414

ELSA-2022-7326

ELSA-2022-7470

ELSA-2022-8799

OESA-2023-1417

OESA-2023-1418

OESA-2023-1419

RHSA-2022:7326

RHSA-2022:7470

RHSA-2022:8799

RHSA-2022:8915

RHSA-2022_7326

RHSA-2022_7470

RHSA-2022_8799

RHSA-2023:1747

RHSA-2023:1966

RHSA-2023:3394

RLSA-2022:7326

RLSA-2022:7470

RLSA-2022_7326

RLSA-2022_7470

ROSA-SA-2023-2120

USN-7146-1

Affected Products

Almalinux

Centos

Debian

Linuxmint

Red Hat

Red Os

Rocky Linux

Ubuntu

Pki-Core

PT-2022-4240 · Pki-Core+8 · Pki-Core+8

CVE-2022-2414

Weakness Enumeration

Related Identifiers

Affected Products

References · 52