PT-2023-6142 · Unknown · Vbase Automation Base

Kimiya · Published 2023-03-21 · Updated 2025-01-17 · CVE-2022-43512

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

VBASE Automation Base versions prior to 11.7.5

Description

The issue is related to incorrect restriction of XML external entity references, which can lead to information disclosure when a valid user opens a specially crafted file. This may allow an attacker to cause a denial of service or gain unauthorized access to confidential data.

Recommendations

For versions prior to 11.7.5, update to version 11.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to specially crafted files that could exploit the XML external entity processing vulnerability. Avoid using the DBConnections file parsing functionality until the issue is resolved.

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2023-06848
CVE-2022-43512
ZDI-23-1041

Affected Products

Vbase Automation Base