CVE-2022-42745 · Vexday

CVE-2022-42745

EPSS 0.8%

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE.

Affected products

n/a · CandidATS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://candidats.net/https://fluidattacks.com/advisories/jcole/