CVE-2024-22219

EUVD-2024-19795
XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
terminalfourterminalfour
8.0.0001 ≤
𝑥
≤ 8.3.18
ADP
terminalfourxml_jdbc
𝑥
≤ 1.0.4
ADP
Common Weakness Enumeration
References
https://docs.terminalfour.com/articles/release-notes-highlights/
https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22218--cve-2024-22219/