Vulnerabilities > Safe
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-23 | CVE-2023-35801 | Path Traversal vulnerability in Safe FME Server A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. | 8.1 |
| 2022-09-20 | CVE-2022-38340 | Path Traversal vulnerability in Safe FME Server Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a Path Traversal vulnerability via the component fmedataupload. | 7.2 |
| 2022-09-19 | CVE-2022-38339 | Cross-site Scripting vulnerability in Safe FME Server Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page. | 6.1 |
| 2022-09-19 | CVE-2022-38341 | Unspecified vulnerability in Safe FME Server 2021.2.3 Safe Software FME Server v2021.2.5 and below does not employ server-side validation. | 7.1 |
| 2022-09-13 | CVE-2022-38342 | XXE vulnerability in Safe FME Server Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks. | 6.5 |
| 2021-04-28 | CVE-2020-22790 | Cross-site Scripting vulnerability in Safe FME Server Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. | 5.4 |
| 2021-04-28 | CVE-2020-22789 | Cross-site Scripting vulnerability in Safe FME Server Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. | 6.1 |
| 2018-12-23 | CVE-2018-20402 | Insecure Default Initialization of Resource vulnerability in Safe FME Server Safe Software FME Server through 2018.1 creates and enables three additional accounts in addition to the initial administrator account. | 8.8 |