Home > Vulnerability Database > CVE-2022-4725

Mend.io Vulnerability Database

CVE-2022-4725

Good to know:

Date: December 23, 2022

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

Language: Java

Severity Score

5.5

Related Resources (7)

Url: https://github.com/aws-amplify/aws-sdk-android/commit/c3e6d69422e1f0c80fe53f2d757b8df97619af2b

Url: https://github.com/aws-amplify/aws-sdk-android/pull/3100

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-4725

Url: https://vuldb.com/?id.216737

Url: https://github.com/aws-amplify/aws-sdk-android/releases/tag/release_v2.59.1

Url: https://github.com/aws-amplify/aws-sdk-android

Url: https://www.mend.io/vulnerability-database/CVE-2022-4725

Severity Score

5.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version com.amazonaws:aws-android-sdk-mobile-client:2.59.1

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-4725

Good to know:

Date: December 23, 2022

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?