Skip to main content

Fme Server

6 CVEs product

Monthly

CVE-2023-35801 HIGH This Week

A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fme Server
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2022-38340 HIGH PATCH This Week

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Fme Server
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2022-38339 MEDIUM This Month

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fme Server
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-38341 HIGH PATCH This Week

Safe Software FME Server v2021.2.5 and below does not employ server-side validation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fme Server
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2022-38342 MEDIUM This Month

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Fme Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2018-20402 HIGH This Week

Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fme Server
NVD
CVSS 3.0
8.8
EPSS
1.0%
EPSS 1% CVSS 8.1
HIGH This Week

A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fme Server
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Fme Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fme Server
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Safe Software FME Server v2021.2.5 and below does not employ server-side validation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fme Server
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF XXE Fme Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fme Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy