CVE-2022-38341: 
Safe Software FME Flow vulnerability analysis and mitigation

Safe Software FME Server v2021.2.5 and below contains a vulnerability due to lack of server-side validation when creating new users (NVD). The vulnerability was assigned CVE-2022-38341 and was first published on September 19, 2022. The CVSS v3.1 base score is 7.1 (High) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N (NVD).

The vulnerability stems from insufficient server-side validation in FME Server's user creation functionality. The CVSS score of 7.1 (High) indicates that the vulnerability requires low attack complexity and low privileges to exploit, with no user interaction needed. The attack vector is network-based, potentially allowing remote exploitation (NVD).

The vulnerability could lead to high confidentiality impact and low integrity impact, with no availability impact as indicated by the CVSS vector string. This suggests that successful exploitation could result in unauthorized access to sensitive information and limited modification of system data (NVD).

Users should upgrade to FME Server versions above v2021.2.5 to address this vulnerability. The issue affects versions from 2021.2.3 up to (excluding) 2021.2.6 (NVD).