Vulnerability CVE-2022-26662
Published: 2022-03-10

Description:
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.

Type:

CWE-776

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Tryton -> Proteus 
Tryton -> Trytond 
Debian -> Debian linux 

 References:
https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
https://bugs.tryton.org/issue11244
https://lists.debian.org/debian-lts-announce/2022/03/msg00016.html
https://lists.debian.org/debian-lts-announce/2022/03/msg00017.html
https://www.debian.org/security/2022/dsa-5098
https://www.debian.org/security/2022/dsa-5099
Copyright 2024, cxsecurity.com

 

Back to Top