Search criteria
1 vulnerability by auieosoftware
CVE-2022-42745 (GCVE-0-2022-42745)
Vulnerability from cvelistv5 – Published: 2022-11-03 00:00 – Updated: 2024-08-03 13:10
VLAI
Summary
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.
Severity
No CVSS data available.
CWE
- XML injection (XXE)
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:41.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://candidats.net/"
},
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/jcole/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CandidATS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML injection (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-03T00:00:00.000Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://candidats.net/"
},
{
"url": "https://fluidattacks.com/advisories/jcole/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2022-42745",
"datePublished": "2022-11-03T00:00:00.000Z",
"dateReserved": "2022-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T13:10:41.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}