What is CVE-2022-2414?

CVE-2022-2414 is a vulnerability in Dogtag Pki, classified under Improper Restriction of XML External Entity Reference (XXE). Published 2022-07-29.

Is CVE-2022-2414 known to be exploited?

28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XXE in Dogtag Pki

CVE-2022-2414

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

Vulnerability class: XXE (XML External Entity)

EPSS: 0.907 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a Dogtag Pki — versions Affected versions: 10.5.18, 10.7.4, 10.8.3, 10.11.2, 10.12.4, 11.0.5, 11.1.0

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

Public proof-of-concept exploits

References

github.com/dogtagpki/pki/pull/4021 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-2414?: CVE-2022-2414 is a vulnerability in Dogtag Pki, classified under Improper Restriction of XML External Entity Reference (XXE). Published 2022-07-29.
Is CVE-2022-2414 known to be exploited?: 28 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.