CVE-2022-2131

Summary

OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack.

Affected Software

VendorProductVersion RangeStatus
OpenKMOpenKM Document Management Community6.3.10 <= 6.3.10affected

Weaknesses

  • CWE-611: CWE-611: improper restriction of XML external entity reference (XXE)

ADP Enrichment

CVE Program Container

Additional References

References