PT-2024-19282 · Terminalfour · Terminalfour

Published: 2024-08-15 · Updated: 2024-08-19 · CVE-2024-22218

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Terminalfour versions 8.0.0001 through 8.3.18
XML JDBC versions up to 1.0.4

Description

The issue allows authenticated users to submit malicious XML via unspecified features, potentially leading to access to the underlying server, remote code execution (RCE), or Server-Side Request Forgery (SSRF) attacks.

Recommendations

For Terminalfour versions 8.0.0001 through 8.3.18, consider disabling the XML submission feature until a patch is available. For XML JDBC versions up to 1.0.4, restrict access to the XML JDBC module to minimize the risk of exploitation. As a temporary workaround, avoid using the unspecified features that allow malicious XML submission until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

CVE-2024-22218

Affected Products

Terminalfour