CVE-2022-40705 - XML External Entity (XEE) Vulnerability
Severity: None2022-10-13
Abstract
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions.
The Oxygen products incorporate Apache SOAP as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Author v25.0 and older | None | N/A |
Oxygen XML Developer v25.0 and older | None | N/A |
Oxygen XML Editor v25.0 and older | None | N/A |
Detail
CVE-2022-40705
Severity: High
CVSS Score: 7.5
The Apache SOAP third-party library used by Oxygen XML products is an affected version mentioned in CVE-2022-40705 vulnerability description. However, Oxygen products does not use RPCRouterServlet class. For that reason, our products are not affected by this vulnerability.