XML External Entity Issue in Claris FileMaker Pro and Server
CVE-2021-44147

5.5 MEDIUM

Key Information:

Vendor: Claris
CVE Published: 22 November 2021

What is CVE-2021-44147?

An XML External Entity (XXE) vulnerability in Claris FileMaker Pro and Server (including WebDirect) prior to version 19.4.1 allows remote attackers to exploit the flaw by supplying crafted XML or Excel documents. This could lead to unauthorized local file disclosure and enable server-side request forgery (SSRF) attacks, posing significant risks to data integrity and system security.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
