

Rewterz Threat Advisory – CVE-2022-33891 – Apache Spark Vulnerability
July 20, 2022
Rewterz Threat Advisory – CVE-2022-36127 – Apache SkyWalking NodeJS Agent Vulnerability
July 20, 2022
Severity
High
Analysis Summary
CVE-2022-35741
Apache CloudStack is vulnerable to XML external entity (XXE) processing, caused by a flaw that is exposed when the SAML 2.0 authentication Service Provider plugin is enabled. By sending specially crafted XML data during the authentication flow, an attacker can use this vulnerability to read arbitrary files, cause a denial of service condition, or perform server-side request forgery (SSRF) attacks on the CloudStack management server.
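A defensive check for the flaw described above, added here as an example and not taken from Rewterz or Apache CloudStack: it decodes the SAML parameters of a captured request body and reports any that carry DTD markup, which a legitimate SAML message has no need for. It assumes the traffic uses the standard SAML HTTP binding parameter names; the function names and sample messages are constructed for illustration.

```python
import base64
import re
import zlib
from urllib.parse import parse_qs, urlencode

# DOCTYPE or ENTITY declarations are the precondition for external entity processing.
DTD_MARKUP = re.compile(rb"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)
SAML_FIELDS = ("SAMLResponse", "SAMLRequest")  # standard SAML HTTP binding parameters


def decoded_forms(value: str) -> list:
    """Return the base64-decoded bytes and, if it inflates, the raw-DEFLATE form too."""
    raw = base64.b64decode(value)
    forms = [raw]  # HTTP-POST binding: base64 only
    try:
        forms.append(zlib.decompress(raw, -15))  # HTTP-Redirect binding: DEFLATE + base64
    except zlib.error:
        pass
    return forms


def scan_saml_fields(body: str) -> list:
    """Return (field, reason) pairs for SAML parameters that should be blocked or reviewed."""
    findings = []
    for name in SAML_FIELDS:
        for value in parse_qs(body).get(name, []):
            try:
                forms = decoded_forms(value)
            except ValueError:  # binascii.Error is a ValueError
                findings.append((name, "not valid base64"))
                continue
            if any(DTD_MARKUP.search(form) for form in forms):
                findings.append((name, "DTD markup present"))
    return findings


# Constructed sample messages, not taken from real traffic.
CLEAN_XML = b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>'
DTD_XML = b'<!DOCTYPE r [<!ENTITY e "constructed">]>' + CLEAN_XML


def as_post_body(xml: bytes, field: str = "SAMLResponse") -> str:
    """Encode XML the way the HTTP-POST binding carries it in a form body."""
    return urlencode({field: base64.b64encode(xml).decode()})


if __name__ == "__main__":
    for label, xml in (("clean", CLEAN_XML), ("with DTD", DTD_XML)):
        print(label, scan_saml_fields(as_post_body(xml)))
```

The match is done on bytes and assumes UTF-8 or ASCII messages; UTF-16 input would need decoding before the check.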
Impact
- Unauthorized Access
Indicators Of Compromise
CVE
- CVE-2022-35741
Affected Vendors
Apache
Affected Products
- Apache CloudStack 4.5.0
- Apache CloudStack 4.16.1.0
- Apache CloudStack 4.17.0.0
Remediation
Upgrade to the latest version of Apache CloudStack, available from the Apache Website.