March 24, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Node.js dexie module and sqlite3 module Vulnerabilities
May 5, 2022Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs
May 6, 2022Rewterz Threat Advisory – Node.js dexie module and sqlite3 module Vulnerabilities
May 5, 2022Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs
May 6, 2022
Severity
Medium
Analysis Summary
CVE-2022-28890
Apache Jena could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the RDF/XML parser. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain the external DTD information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
CVE-2022-28890
Affected Vendors
- Apache
Affected Products
- Apache Jena 4.4.0
Remediation
Upgrade to the latest version of Apache Jena, available from the Apache Web site.