CVE-2022-48565
CVE Details
Last Update
10/10/24
NIST CVE Summary
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
Our Official Summary
This CVE affects users of Python versions up to 3.9.1. This issue lies in the plistlib module, which used to accept entity declarations in XML plist files, making it susceptible to XXE attacks. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. The possibility of this vulnerability getting exploited in Spectro Cloud products is low. Need an update from the 3rd party vendor to fix the vulnerability. Investigating possibility of updating python version to fix this vulnerability.
CVE Severity
Status
Ongoing
Affected Products & Versions
- Palette VerteX airgap 4.4.18
Revision History
- 1.0 9/13/2024 Initial Publication
- 2.0 9/13/2024 Added Palette VerteX airgap 4.4.18 to Affected Products
- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3