Severity
Medium
Analysis Summary
CVE-2022-28890
Apache Jena could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the RDF/XML parser. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain the external DTD information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
CVE-2022-28890
Affected Vendors
- Apache
Affected Products
- Apache Jena 4.4.0
Remediation
Upgrade to the latest version of Apache Jena, available from the Apache Web site.