CVE-2024-46984

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published: Sep 19, 2024
Updated: Sep 20, 2024
CWE ID: 611 (Improper Restriction of XML External Entity Reference)

Summary

CVE-2024-46984 is a vulnerability affecting the reference validator tool used for validating FHIR resources in various applications, specifically those that process XML from untrusted sources. The issue is an XML External Entity (XXE) weakness caused by the insecure defaults of the Woodstox WstxInputFactory, which resolves DTD definitions and external entities unless explicitly configured not to. This flaw can enable Server Side Request Forgery (SSRF), potentially causing the vulnerable application to issue unauthorized network requests. To remediate this vulnerability, users are urged to update to version 2.5.1 or later of the reference validator and to consider pre-processing or manually analyzing XML inputs for DTD definitions or external entities. The vulnerability has a high severity rating with a CVSS score of 8.6, indicating a significant risk to confidentiality without requiring user interaction or elevated privileges.
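The pre-processing step mentioned above, as an added example that is not part of this advisory or of the validator's own code: a small Python screen, built on the standard-library expat parser (which does not fetch external resources by default), that rejects any XML carrying a DOCTYPE, an entity declaration or an external entity reference before the document reaches a validator that may still run with insecure Woodstox defaults. The sample inputs, the FHIR `Patient` resource and the `.invalid` host name are constructed for the example.

```python
"""Screen untrusted XML for DTD/entity constructs before passing it to a
FHIR validator (mitigation for CVE-2024-46984 style XXE -> SSRF)."""
import xml.parsers.expat


def find_dtd_risks(xml_text: str) -> list[str]:
    """Return a list of findings; an empty list means no DTD/entity usage."""
    findings: list[str] = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Any DOCTYPE at all is a finding: FHIR resources never need one.
        findings.append(f"DOCTYPE {name}" + (f" SYSTEM {system_id}" if system_id else ""))

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter entity" if is_param else "entity"
        where = f"external {system_id}" if system_id else "internal"
        findings.append(f"{kind} {name} ({where})")

    def on_external_ref(context, base, system_id, public_id):
        # Record the reference; returning 1 tells expat we handled it,
        # and nothing is ever fetched from system_id.
        findings.append(f"external entity reference {system_id}")
        return 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_text, True)
    except xml.parsers.expat.ExpatError as err:
        findings.append(f"malformed XML: {err}")
    return findings


def is_safe_to_validate(xml_text: str) -> bool:
    """True only when the document is well-formed and DTD-free."""
    return not find_dtd_risks(xml_text)


# Constructed samples: a clean FHIR resource and an XXE-shaped one.
CLEAN_RESOURCE = '<Patient xmlns="http://hl7.org/fhir"><id value="example"/></Patient>'
XXE_SAMPLE = (
    '<!DOCTYPE Patient [<!ENTITY ext SYSTEM "http://internal-host.invalid/meta">]>'
    '<Patient xmlns="http://hl7.org/fhir"><id value="&ext;"/></Patient>'
)

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_RESOURCE), ("xxe", XXE_SAMPLE)):
        print(label, "->", "accept" if is_safe_to_validate(doc) else find_dtd_risks(doc))
```

Run the screen on every inbound resource and drop anything with findings; a plain `<!DOCTYPE>` without entities is also rejected, since the advisory's remediation treats any DTD definition as unwanted.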

