Vulnerabilities > CVE-2021-44147 - XXE vulnerability in Claris Filemaker PRO and Filemaker Server

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

claris

CWE-611

NVD

Published: 2021-11-22

Updated: 2021-11-23

Summary

An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.

Vulnerable Configurations

Part	Description	Count
Application	Claris Claris Filemaker PRO 13.03 Claris Filemaker PRO 19.1.2 Claris Filemaker PRO 19.1.3 Claris Filemaker PRO 19.2.1 Claris Filemaker PRO 19.2.2 Claris Filemaker PRO 19.3.1 Claris Filemaker PRO 19.3.2 Claris Filemaker Server 19.1.2 Claris Filemaker Server 19.2.1 Claris Filemaker Server 19.3.1 Claris Filemaker Server 19.3.2	11

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References