Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
safe fme server vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-22789
Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote malicious user to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.
Safe Fme Server 2019.0
Safe Fme Server 2019.1
Safe Fme Server 2019.2
Safe Fme Server 2020.0
3.5
CVSSv2
CVE-2020-22790
Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote malicious user to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs.
Safe Fme Server 2019.0
Safe Fme Server 2019.1
Safe Fme Server 2019.2
Safe Fme Server 2020.0
NA
CVE-2022-38341
Safe Software FME Server v2021.2.5 and below does not employ server-side validation.
Safe Fme Server
NA
CVE-2022-38339
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.
Safe Fme Server
NA
CVE-2022-38340
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below exists to contain a Path Traversal vulnerability via the component fmedataupload.
Safe Fme Server
NA
CVE-2022-38342
Safe Software FME Server v2021.2.5, v2022.0.0.2 and below exists to contain a XML External Entity (XXE) vulnerability which allows authenticated malicious users to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.
Safe Fme Server
NA
CVE-2023-35801
A directory traversal vulnerability in Safe Software FME Server prior to 2022.2.5 allows an malicious user to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires...
Safe Fme Server
6.5
CVSSv2
CVE-2018-20402
Safe Software FME Server up to and including 2018.1 creates and enables three additional accounts in addition to the initial administrator account. The passwords to the three accounts are the same as the usernames, which are guest, user, and author. Logging in with these accounts...
Safe Fme Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started