CVE-2024-22218

EUVD-2024-19794
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
terminalfourxml_jdbc
𝑥
≤ 1.0.4
ADP
terminalfourterminalfour
8.0.0001 ≤
𝑥
≤ 8.3.18
ADP
Common Weakness Enumeration
References
https://docs.terminalfour.com/articles/release-notes-highlights/
https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22218--cve-2024-22219/