CVE-2022-26662

Description

An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 5.585

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond 5.0.46 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond 6.0.16 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond 6.2.6 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus 5.0.12 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus 6.0.5 | Windows
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus 6.2.2 | Windows
tryton-proteus security update (DSA-5099-1) tryton-proteus_5.0.1-3+deb10u1_all.deb | Linux
tryton-proteus security update (DSA-5099-1) tryton-proteus_5.0.8-1+deb11u1_all.deb | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond for linux 5.0.46 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond for linux 6.0.16 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-trytond for linux 6.2.6 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus for linux 5.0.12 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus for linux 6.0.5 | Linux
Vulnerabilities CVE-2022-26661, CVE-2022-26662 are fixed in Python-proteus for linux 6.2.2 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234