Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-2414

EPSS 90.69% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-2414

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dogtag PKI 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dogtag PKI是Dogtag开源的一个企业级的开源证书颁发机构 (CA)。 Dogtag PKI 的XML解析器存在安全漏洞,该漏洞源于在分析 XML 文档时访问外部实体可能会导致 XML 外部实体 (XXE) 攻击。此漏洞允许远程攻击者通过发送特制的 HTTP 请求来潜在地检索任意文件的内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Dogtag PKI Affected versions: 10.5.18, 10.7.4, 10.8.3, 10.11.2, 10.12.4, 11.0.5, 11.1.0 -

II. Public POCs for CVE-2022-2414

#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/superhac/CVE-2022-2414-POCPOC Details
2A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.https://github.com/amitlttwo/CVE-2022-2414-Proof-Of-ConceptPOC Details
3CVE-2022-2414 POChttps://github.com/satyasai1460/CVE-2022-2414POC Details
4is a PoC script for demonstrating an XML External Entity (XXE) vulnerability exploitationhttps://github.com/geniuszlyy/CVE-2022-2414POC Details
5is a PoC script for demonstrating an XML External Entity (XXE) vulnerability exploitationhttps://github.com/geniuszly/CVE-2022-2414POC Details
6Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-2414.yamlPOC Details
7Nonehttps://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Dogtag%20PKI%20XML%E5%AE%9E%E4%BD%93%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2022-2414.mdPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-2414

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-07-29 · 15 CVEs total

CVE-2022-249127.5 HIGHTiming Attack
CVE-2022-34526Tiffsplit 缓冲区错误漏洞
CVE-2022-36123Linux kernel 安全漏洞
CVE-2022-27873Autodesk Fusion360 代码问题漏洞
CVE-2022-33881Autodesk AutoCAD 缓冲区错误漏洞
CVE-2022-27865Autodesk Design Review 缓冲区错误漏洞
CVE-2022-27866Autodesk Design Review 缓冲区错误漏洞
CVE-2022-27864Autodesk Design Review 资源管理错误漏洞
CVE-2022-36447Chia Network CAT1 Standard 安全漏洞
CVE-2022-34496Hiby Music Hiby R3 PRO firmware 代码问题漏洞
CVE-2022-34527D-Link DSL-3782 操作系统命令注入漏洞
CVE-2022-34528D-Link DSL-3782 缓冲区错误漏洞
CVE-2022-34531Desdev DedeCMS 安全漏洞
CVE-2022-30083EllieGrid Android Application 代码注入漏洞

IV. Related Vulnerabilities

Same vendor: n/a
Same weakness: CWE-611

V. Comments for CVE-2022-2414

No comments yet

Leave a comment