| sidebar_label | title | description | hide_table_of_contents | sidebar_class_name | toc_max_heading_level | tags | ||
|---|---|---|---|---|---|---|---|---|
CVE-2022-48565 |
CVE-2022-48565 |
Lifecycle of CVE-2022-48565 |
true |
hide-from-sidebar |
2 |
|
10/10/24
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
This CVE affects users of Python versions up to 3.9.1. This issue lies in the plistlib module, which used to accept entity declarations in XML plist files, making it susceptible to XXE attacks. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. The possibility of this vulnerability getting exploited in Spectro Cloud products is low. Need an update from the 3rd party vendor to fix the vulnerability. Investigating possibility of updating python version to fix this vulnerability.
Ongoing
- Palette VerteX airgap 4.4.18
- 1.0 9/13/2024 Initial Publication
- 2.0 9/13/2024 Added Palette VerteX airgap 4.4.18 to Affected Products
- 3.0 10/10/2024 CVE remediated in Palette VerteX airgap 4.5.3