and this write-up was only released after a patch was available (see timeline below). The issue was privately disclosed to Claris, Inc. If you’re running FileMaker Server, make sure to install patch 19.4.1 to mitigate this attack vector. The following is a description of the vulnerability including potential exploitation paths. The vulnerability is/was indeed there and can lead to local file disclosure and server side request forgery in various components of the FileMaker platform. CVE-2021-44147: XML External Entity Vulnerability in Claris FileMakerĪ couple of months ago I looked more deeply into the “Import Records” functionality in FileMaker, especially the XML parsing, and was wondering if any XXE vulnerability may exist and how one could exploit this in technically interesting ways.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |