Skip to main content
Version: latest

CVE-2022-48565

CVE Details

CVE-2022-48565

Last Update

9/15/24

NIST CVE Summary

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Our Official Summary

This CVE affects users of Python versions up to 3.9.1. This issue lies in the plistlib module, which used to accept entity declarations in XML plist files, making it susceptible to XXE attacks. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. The possibility of this vulnerability getting exploited in Spectro Cloud products is low. Need an update from the 3rd party vendor to fix the vulnerability. Investigating possibility of updating python version to fix this vulnerability.

CVE Severity

9.8

Status

Ongoing

Affected Products & Versions

  • Palette VerteX 4.4.18

Revision History

  • 1.0 9/13/2024 Initial Publication
  • 2.0 9/13/2024 Added Palette VerteX 4.4.18 to Affected Products