vulnerability

Amazon Linux AMI 2: CVE-2022-2414: Security patch for pki-core (ALAS-2023-2016)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	2022-07-29	2023-04-21	2025-01-28

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

2022-07-29

Added

2023-04-21

Modified

2025-01-28

Description

Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.

Solution(s)

amazon-linux-ami-2-upgrade-pki-baseamazon-linux-ami-2-upgrade-pki-base-javaamazon-linux-ami-2-upgrade-pki-caamazon-linux-ami-2-upgrade-pki-core-debuginfoamazon-linux-ami-2-upgrade-pki-javadocamazon-linux-ami-2-upgrade-pki-kraamazon-linux-ami-2-upgrade-pki-serveramazon-linux-ami-2-upgrade-pki-symkeyamazon-linux-ami-2-upgrade-pki-tools

References

AMAZON-AL2/ALAS-2023-2016
CVE-2022-2414
https://attackerkb.com/topics/CVE-2022-2414

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today