Question

Latest Security Advisory, XSS, and CVE assignments. Can someone make sense of this please.

  • 20 September 2022
  • 1 reply
  • 15 views

https://community.safe.com/s/article/FME-Server-Stored-Cross-Site-Scripting-XSS-Vulnerabilities

 

In this latest advisory it's mentioned that there are two specific XSS issues, and two different CVE assignments. That's all well and good, even if there is a ton of lacking pertinent information.

 

The problem I'm having is that this CVE (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38339) was assigned to this specific advisory but there's zero mention of it. Does anyone know specifically why 2022-38339 was assigned?

1 reply


Hi @euhsz,

 

This vulnerability was first discovered in FME Server 2020 and was captured by CVE-2020-22790 and CVE-2020-22789. At that time our team implemented sanitization checks to resolve these vulnerabilities.

 

However, penetration tests against FME Server 2021 & 2022 found a new XSS vector that needed to be accounted for. The CVE # for these latest findings (CVE-2022-38339) was only released yesterday, and the article has now been updated to include this.

 

Please let me know if you have any other questions.

 

