CVE-2022-3338

CVE-2022-3338

An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API.

Source: CVE-2022-3338

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다