Key vulnerability information

1. XXE in SOCE GXP File Processing
   CVE: CVE-2022-5897
   Description: SOCE GXP is vulnerable to XXE when processing XML files.
   Mitigation: Update to SOCE GXP v4.6.0.3 or later.

2. Reflected Cross-Site Scripting in GXP Job Service
   CVE: CVE-2022-5898
   Description: SOCE GXP is vulnerable to reflected XSS in the GXP Job Service.
   Mitigation: Update to SOCE GXP v4.6.0.3 or later.

3. Command Injection in SOCE GXP Job Service
   CVE: CVE-2022-5894
   Description: SOCE GXP is vulnerable to command injection in the GXP Job Service.
   Mitigation: Update to SOCE GXP v4.6.0.3 or later.

4. Path Traversal may allow arbitrary file read in SOCE GXP Job Service
   CVE: CVE-2022-5895
   Description: SOCE GXP is vulnerable to path traversal in the GXP Job Service.
   Mitigation: Update to SOCE GXP v4.6.0.3 or later.

5. Unauthenticated access to the GXP Job Service on Port 44300
   CVE: CVE-2022-5893
   Description: SOCE GXP allows unauthenticated access to the GXP Job Service on port 44300.
   Mitigation: Update to SOCE GXP v4.6.0.3 or later.

6. Unauthenticated access to the GXP Job Status service on Port 44307
   CVE: CVE-2022-5892
   Description: SOCE GXP allows unauthenticated access to the GXP Job Status service on port 44307.
   Mitigation: Update to SOCE GXP v4.6.0.3 or later.

7. Client-Side Request Forgery in the GXP Job Status Service
   CVE: CVE-2022-5890
   Description: SOCE GXP is vulnerable to CSRF in the GXP Job Status Service.
   Mitigation: Update to SOCE GXP v4.6.0.3 or later.

8. Information Disclosure in the GXP Job Status Service
   CVE: CVE-2022-5891
   Description: SOCE GXP is vulnerable to information disclosure in the GXP Job Status Service.
   Mitigation: Update to SOCE GXP v4.6.0.3 or later.