PT-2022-15684 · Signiant · Signiant Manager+Agents

Anton Golotin · Published 2022-03-09 · Updated 2022-03-15 · CVE-2022-22795

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Signiant Manager+Agents (affected versions not specified)

Description

The issue allows an attacker to extract internal files of the affected machine through an XML External Entity (XXE) vulnerability. Because the product runs with root privileges on Linux systems and as NT AUTHORITY on Windows systems, an attacker can read and extract any file on the system, including sensitive files such as passwd, shadow, and hosts, and so steal sensitive information from the victim's machine.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE


Weakness Enumeration

Related Identifiers

CVE-2022-22795

Affected Products

Signiant Manager+Agents