CVE-2024-51132
moderate-risk
Published 2024-11-05
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
Do I need to act?
~
7.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 26c445c8fc841d5e73c4662391b970f4a2bcc805
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
47
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
10/34 · Low
Exposure
5/34 · Minimal