September 13, 2022
Severity
High
Analysis Summary
CVE-2022-39135
Apache Calcite is vulnerable to an XML external entity injection (XXE) attack when processing XML data, caused by improper input validation by the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE. By using specially-crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files, cause a denial of service, conduct an SSRF attack, or achieve other system impacts.
Impact
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-39135
Affected Vendors
Apache
Affected Products
- Apache Calcite 1.31.0
Remediation
Upgrade to the latest version of Apache Calcite, available from the Apache Website.
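To plan the upgrade it helps to know where Calcite enters a Java build, since it is often pulled in transitively. The following is an added example, not part of the original advisory or of Apache Calcite: it parses `mvn dependency:tree` output and reports each `org.apache.calcite` artifact with the dependency chain that brings it in. The sample tree and its `com.example` coordinates are constructed, and only 1.31.0 is marked because it is the only affected version the advisory lists.

```python
import re

CALCITE_GROUP = "org.apache.calcite"
LISTED_AFFECTED = {"1.31.0"}  # only version this advisory lists; extend from the vendor notice

# Constructed `mvn dependency:tree` output; the com.example coordinates are made up.
SAMPLE_TREE = r"""
[INFO] com.example:orders-service:jar:2.4.0
[INFO] +- com.example:reporting-lib:jar:0.9.1:compile
[INFO] |  \- org.apache.calcite:calcite-core:jar:1.31.0:compile
[INFO] |     \- org.apache.calcite:calcite-linq4j:jar:1.31.0:compile
[INFO] \- org.slf4j:slf4j-api:jar:1.7.36:compile
"""

# Tree prefix is a run of three-character units: "+- ", "|  ", "\- " or "   ".
NODE = re.compile(r"^\[INFO\] ((?:[|+\\ ][- ] )*)([\w.\-]+(?::[\w.\-]+){3,5})\s*$")

def find_calcite(tree_text):
    """Return one finding per Calcite artifact, with the chain that pulls it in."""
    findings, stack = [], []
    for line in tree_text.splitlines():
        m = NODE.match(line)
        if not m:
            continue  # banner, blank or download lines
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")
        # group:artifact:type[:classifier]:version[:scope]; the root has no scope
        version = parts[3] if len(parts) <= 5 else parts[4]
        del stack[depth:]  # drop siblings and deeper nodes from the current path
        stack.append(f"{parts[0]}:{parts[1]}:{version}")
        if parts[0] == CALCITE_GROUP:
            findings.append({
                "artifact": parts[1],
                "version": version,
                "listed_affected": version in LISTED_AFFECTED,
                "via": list(stack[:-1]),  # root first, direct parent last
            })
    return findings

if __name__ == "__main__":
    for f in find_calcite(SAMPLE_TREE):
        flag = "LISTED AFFECTED" if f["listed_affected"] else "check vendor notice"
        print(f'{f["artifact"]} {f["version"]} [{flag}] via ' + " > ".join(f["via"]))
```

The second entry of each `via` chain is the direct dependency to upgrade or override in the project's own build file.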