CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-2131

OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.9%

CVSS Severity

CVSS v3 Score 8.5

References

https://www.incibe-cert.es/en/early-warning/security-advisories/openkm-xxe-injection
https://www.incibe-cert.es/en/early-warning/security-advisories/openkm-xxe-injection

Products affected by CVE-2022-2131

Openkm » Openkm » Version: 6.3.10

cpe:2.3:a:openkm:openkm:6.3.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2131

Products

Pricing

Contact Us