Colemanjp

**Name of the Vulnerable Software and Affected Versions** BlueCat Device Registration Portal version 2.2 **Description** The issue allows XXE attacks that can exfiltrate single-line files, potentially containing credentials, such as those found in .netrc files. For example, a single-line file might contain information like `machine example.com login daniel password qwerty`. There is no available information about whether any later version is affected. **Recommendations** For BlueCat Device Registration Portal version 2.2, since 2.x versions are no longer supported and there is no information about a fix in later versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.