Solved

FMEFlow affected by CVE-2024-50379 and CVE-2024-56337

  • January 9, 2025
  • 4 replies
  • 343 views

kihen
Participant

Hi! I am getting a warning that FMEFlow is affected by CVE-2024-56337. I am running FME Flow 2023.1.1.

Is this correct?
Is there a fix or are these CVEs not applicable?

 

Best regards

/Kim
 


zoe.forbes
Safer
  • Safer
  • 14 replies
  • Best Answer
  • March 19, 2025

Hi Kim,

I can confirm FME Flow is not affected by CVE-2024-56337, CVE-2024-50379 or CVE-2025-24813, since these vulnerabilities require write access to the default servlet which Flow doesn’t provide.

Sorry it took so long for you to get a response to this! 

Thanks,
Zoe

 

Edit: Since this response, we’ve published an article on CVE-2025-24813’s impact on FME.


todd_davis
Influencer
  • Influencer
  • 313 replies
  • March 19, 2025

@zoeforbes Is there going to be any article regarding CVE-2025-24813, which we can point clients to?

My indication yesterday to clients was that the default servlet is readonly, but I also said you guys would be looking into it to confirm.


zoe.forbes
Safer
  • Safer
  • 14 replies
  • March 19, 2025

Hi @todd_davis, there isn’t an article yet but I’ve let the Knowledge Base team know it’s been requested. They do however tend to only create articles for vulnerabilities affecting FME, so one may not be published.

If clients remain concerned, please feel free to submit a ticket with them CC’d. Unfortunately, there isn’t much more information we can provide beyond confirming that the vulnerabilities I mentioned above don’t affect Flow as the default servlet is read-only.


todd_davis
Influencer
  • Influencer
  • 313 replies
  • March 19, 2025

Thanks @zoe.forbes. I have sent relevant clients a screenshot of your initial response, so hopefully that will suffice.