CandidATS Version 3.0.0 XXE Vulnerability Allows Arbitrary File Reading
CVE-2022-42745 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.
Learn more about our Cis Benchmark Audit For Server Software.