CVE-2022-22795

Published: Mar 9, 2022

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

6.8

MEDIUM

Description

Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victims machine.

Vendor	Product	Versions
Signiant	Signiant	affected `Signiant Build 78045 13.5.0` affected `Signiant Build 79008,14.0.0` affected `Signiant Build 79687 14.1.0` affected `Signiant Build 79687 15.0.0`

Weaknesses (CWE)

CWE-611

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://www.gov.il/en/departments/faq/cve_advisories

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-22795

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References