Vulnerabilities > CVE-2021-44147 - XXE vulnerability in Claris Filemaker PRO and Filemaker Server

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

claris

CWE-611

NVD

Published: 2021-11-22

Updated: 2021-11-23

Summary

An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.

Vulnerable Configurations

Part	Description	Count
Application	Claris Claris Filemaker Server 19.1.2 Claris Filemaker Server 19.2.1 Claris Filemaker Server 19.3.1 Claris Filemaker Server 19.3.2 Claris Filemaker PRO 13.03 Claris Filemaker PRO 19.1.2 Claris Filemaker PRO 19.1.3 Claris Filemaker PRO 19.2.1 Claris Filemaker PRO 19.2.2 Claris Filemaker PRO 19.3.1 Claris Filemaker PRO 19.3.2	11

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References