CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22218
https://notcve.org/view.php?id=CVE-2024-22218
15 Aug 2024 — XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks. • https://docs.terminalfour.com/articles/release-notes-highlights • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-22219
https://notcve.org/view.php?id=CVE-2024-22219
15 Aug 2024 — XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks. • https://docs.terminalfour.com/articles/release-notes-highlights • CWE-918: Server-Side Request Forgery (SSRF) •