CVE-2022-42745

Summary

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.

Affected Software

VendorProductVersion RangeStatus
n/aCandidATS3.0.0affected

Weaknesses

  • XML injection (XXE)

ADP Enrichment

CVE Program Container

Additional References

References