1. Home
  2. Vulnerabilities
  3. CVE-2022-4725

CVE-2022-4725

CVSS v3.1 9.8 (Critical)
98% Progress
EPSS 0.20 % (57th)
0.20% Progress
Affected Products 1
Advisories 1
NVD Status Modified
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads to server-side request forgery. Upgrading to version 2.59.1 is able to address this issue. The name of the patch is c3e6d69422e1f0c80fe53f2d757b8df97619af2b. It is recommended to upgrade the affected component. The identifier VDB-216737 was assigned to this vulnerability.

Weaknesses
CWE-918
Server-Side Request Forgery (SSRF)
CVE Status
PUBLISHED
NVD Status
Modified
CNA
VulDB
Published Date
2022-12-27 15:15:12
(21 months ago)
Updated Date
2024-05-17 02:16:53
(4 months ago)

Affected Products

Amazon

Configuration #1

    CPE23 From Up To
  Amazon Aws Software Development Kit for Android prior 2.59.1 version cpe:2.3:a:amazon:aws_software_development_kit::*:*:*:*:android < 2.59.1