Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2022-0467
Good to know:
Date: July 20, 2022
An XML External Entity (XXE) Injection vulnerability was found in reload4j through 1.2.21. Users are advised to upgrade to version 1.2.22 or higher.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Improper Restriction of XML External Entity Reference
CWE-611Top Fix
Upgrade Version
Upgrade to version fiji - 20231211;interproscan - no_fix;MASES.KNetCLI - 2.0.0;MASES.KNet - 2.0.0;MASES.KNetConnect - 2.0.0;io.hawt:hawtio-default:2.0.2;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:2.0.2;io.hawt:hawtio-default:1.4.1;io.hawt:hawtio-default:1.4.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;org.apache.activemq:activemq-web-console:5.11.1;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.fabric8:tooling-fabric-all:no_fix;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:hawtio-default-offline:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;io.hawt:sample:1.4.1;org.jboss.logmanager:log4j-jboss-logmanager:1.1.0.Final;org.jboss.logmanager:log4j-jboss-logmanager:1.3.0.Final;org.jboss.logmanager:log4j-jboss-logmanager:1.1.1.Final;org.jboss.logmanager:log4j-jboss-logmanager:1.0.2.Final;org.jboss.logmanager:log4j-jboss-logmanager:1.2.1.Final;org.jboss.logmanager:log4j-jboss-logmanager:1.2.0.Final;org.jboss.logmanager:log4j-jboss-logmanager:1.1.2.Final;org.jboss.logmanager:log4j-jboss-logmanager:1.1.3.Final;org.apache.camel:camel-example-spring-ws:2.17.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;org.apache.activemq:activemq-web-demo:5.11.1;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;io.hawt:hawtio-custom-app:1.4.31;org.apache.activemq:activemq-branding:2.10.0;org.apache.activemq:activemq-branding:2.17.0;org.apache.activemq:activemq-branding:2.14.0;org.apache.activemq:activemq-branding:2.12.0;org.apache.activemq:activemq-branding:2.10.1;org.overlord.sramp:s-ramp-distro-shell:no_fix;org.overlord.sramp:s-ramp-distro-shell:no_fix;org.apache.camel:camel-example-restlet-jdbc:2.17.1;org.apache.camel:camel-example-reportincident:2.17.1;org.apache.camel:camel-example-swagger-xml:2.17.1;log4j:log4j:no_fix;log4j:log4j:1.2.17;ch.qos.reload4j:reload4j:1.2.22;org.apache.camel:camel-example-servlet-tomcat:2.17.1;org.modeshape:modeshape-web-cmis-war:no_fix;org.jboss.hibernate.custom-dialect-resolvers:hibernate-dialect-resolvers:no_fix;org.modeshape:modeshape-web-explorer-war:no_fix;org.apache.camel:camel-example-cxf-tomcat:2.17.1;org.apache.camel:camel-example-servlet-tomcat-no-spring:2.17.1;org.apache.camel:camel-example-cdi-rest-servlet:2.17.1;org.modeshape:modeshape-web-jcr-rest-war:no_fix;org.apache.camel:camel-example-activemq-tomcat:2.17.1;org.apache.camel:camel-example-spring-security:2.17.1
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | HIGH |
| Availability (A): | NONE |