PT-2022-26535 · Candidats · Candidats
Carlos Bello
·
Published
2022-11-03
·
Updated
2025-05-01
·
CVE-2022-42745
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
CandidATS version 3.0.0
Description
The issue allows an external attacker to read arbitrary files from the server due to the application being vulnerable to XXE.
Recommendations
For CandidATS version 3.0.0, consider restricting access to sensitive files on the server until a patch is available. As a temporary workaround, disabling external access to the application may minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Candidats