CVE-2021-44147
MEDIUM
Claris FileMaker Pro and Server < 19.4.1 - XML External Entity Injection via Crafted XML/Excel Document
Title source: llm
Description
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://davidhamann.de/2021/11/18/filemaker-xxe-vulnerability/
Vendor Advisory x_refsource_misc
https://support.claris.com/s/answerview?anum=000035751
Scores
CVSS v3
5.5
EPSS
0.0113
EPSS Percentile
62.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (2)
claris/filemaker_pro
< 19.4.1
claris/filemaker_server
< 19.4.1
Published
Nov 22, 2021
Tracked Since
Feb 18, 2026