CVE-2022-48565
CVE Details
Visit the official vulnerability details page for CVE-2022-48565 to learn more.
Initial Publication
11/13/2024
Last Update
12/12/2024
Third Party Dependency
libpython2.7-minimal
NIST CVE Summary
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
CVE Severity
Our Official Summary
This CVE affects users of Python versions up to 3.9.1. The issue lies in the plistlib module, which used to accept entity declarations in XML plist files, making it susceptible to XXE attacks. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. The possibility of this vulnerability being exploited in Spectro Cloud products is low. An update from the third-party vendor is needed to fix the vulnerability. We are investigating the possibility of updating the Python version to fix this vulnerability.
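A pre-parse guard for the behaviour described above, as an added example that is not Spectro Cloud's or CPython's own code: it uses expat's `EntityDeclHandler` to refuse XML plists that declare entities, and reports whether the installed `plistlib` already refuses them. It is written for Python 3; the function names and both sample documents are constructed for illustration.

```python
import plistlib
from xml.parsers import expat

# Constructed samples. The entity is internal and harmless ("hello").
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>name</key><string>demo</string></dict></plist>
"""
WITH_ENTITY = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist [ <!ENTITY greeting "hello"> ]>
<plist version="1.0"><dict><key>name</key><string>&greeting;</string></dict></plist>
"""


class EntityDeclarationError(ValueError):
    """An XML plist carried an <!ENTITY ...> declaration."""


def declared_entities(data: bytes) -> list:
    """Return the names of entities declared in the document's DTD."""
    names = []
    parser = expat.ParserCreate()
    # expat calls this once per <!ENTITY ...>; the first argument is the name.
    parser.EntityDeclHandler = lambda name, *rest: names.append(name)
    try:
        parser.Parse(data, True)
    except expat.ExpatError:
        pass  # binary or malformed input: plistlib decides what to do with it
    return names


def safe_plist_loads(data: bytes):
    """Parse a plist, refusing XML input that declares entities."""
    names = declared_entities(data)
    if names:
        raise EntityDeclarationError(f"entity declarations present: {names}")
    return plistlib.loads(data)


def runtime_rejects_entities() -> bool:
    """True when the installed plistlib itself refuses entity declarations."""
    try:
        plistlib.loads(WITH_ENTITY)
    except plistlib.InvalidFileException:
        return True
    return False
```

`runtime_rejects_entities()` returning `False` indicates an interpreter whose `plistlib` still accepts entity declarations, which is where the wrapper matters most.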
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.4.20 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
Revision History
Date | Revision |
---|---|