
Potential XML External Entity vulnerabilities

Last Modified: 18 Jul 2024
User Level: Administrator


CVE-2024-22218 and CVE-2024-22219 describe XML External Entity (XXE) vulnerabilities where an authenticated Terminalfour user could use Terminalfour features to submit malicious XML to the application which, when parsed, can perform various actions such as accessing the underlying server, remote code execution (RCE) or Server-Side Request Forgery (SSRF) attacks.

All versions of Terminalfour from 8.0.0001 to 8.3.18 are affected by this.

The Terminalfour XML JDBC versions up to 1.0.4 are affected by this.

These issues have been addressed in Terminalfour version 8.3.19 and Terminalfour XML JDBC 1.0. We recommend upgrading to the latest version to avail of these fixes.

Currently, there is no evidence of these CVEs being actively exploited.
