Hi! I am getting a warning that FMEFlow is affected by CVE-2024-56337. I am running FME Flow 2023.1.1
Is this correct?
Is there a fix or are these CVE not applicable?
Best regards
/Kim
 
Hi Kim,
I can confirm FME Flow is not affected by CVE-2024-56337, CVE-2024-50379 or CVE-2025-24813, since these vulnerabilities require write access to the default servlet which Flow doesn’t provide.
Sorry it took so long for you to get a response to this!
Thanks,
Zoe
Edit: Since this response, we’ve published an article on CVE-2025-24813’s impact on FME.
My indication yesterday to clients was that the default servlet is readonly, but I also said you guys would be looking into it to confirm.
Hi 
If clients remain concerned, please feel free to submit a ticket with them CC’d. Unfortunately, there isn’t much more information we can provide beyond confirming that the vulnerabilities I mentioned above don’t affect Flow as the default servlet is read-only.
Thanks
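
One way to check the "default servlet is read-only" condition yourself on a Tomcat deployment descriptor, as an added example that is not part of the thread and is not Safe Software's code. It assumes a standard Tomcat `web.xml`; the function names and sample descriptors are constructed for illustration, and the location of the file in an FME Flow install is not given on this page.

```python
import sys
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"

# Constructed sample descriptors (not taken from an FME Flow install).
SAMPLE_READONLY = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet><servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
  </servlet></web-app>"""
SAMPLE_WRITABLE = SAMPLE_READONLY.replace(
    "</servlet></web-app>",
    "<init-param><param-name>readonly</param-name>"
    "<param-value>false</param-value></init-param></servlet></web-app>")

def _local(tag):
    """Drop the XML namespace so javaee and jakartaee descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    """Stripped text of the first direct child called `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def default_servlet_writable(web_xml):
    """Map each DefaultServlet's servlet-name to True if writes are enabled."""
    result = {}
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet" or _text(servlet, "servlet-class") != DEFAULT_SERVLET:
            continue
        readonly = "true"  # Tomcat's default when the init-param is absent
        for param in servlet:
            if _local(param.tag) == "init-param" and _text(param, "param-name") == "readonly":
                readonly = _text(param, "param-value") or ""
        # Any value other than "true" is treated as write-enabled.
        result[_text(servlet, "servlet-name")] = readonly.lower() != "true"
    return result

if __name__ == "__main__":
    for path in sys.argv[1:]:  # pass the web.xml files to check
        with open(path, "rb") as fh:
            print(path, default_servlet_writable(fh.read()))
```

A web application can declare the servlet in its own `WEB-INF/web.xml`, so check those files as well as the container-wide descriptor.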