Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Safe Software FME Server v2021.2.5 and below does not employ server-side validation.
AnalysisAI
Safe Software FME Server v2021.2.5 and below does not employ server-side validation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
Safe Software FME Server v2021.2.5 and below does not employ server-side validation. Affected products include: Safe Fme Server.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Fme Server
View allSafe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial adminis
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via t
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerab
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allo
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today