CandidATS Version 3.0.0 XXE Vulnerability Allows Arbitrary File Reading

CVE-2022-42745 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XML external entity (XXE) injection.
