{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-42745","assignerOrgId":"84fe0718-d6bb-4716-a7e8-81a6d1daa869","assignerShortName":"Fluid Attacks","dateUpdated":"2024-08-03T13:10:41.465Z","dateReserved":"2022-10-10T00:00:00.000Z","datePublished":"2022-11-03T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"84fe0718-d6bb-4716-a7e8-81a6d1daa869","shortName":"Fluid Attacks","dateUpdated":"2022-11-03T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE."}],"affected":[{"vendor":"n/a","product":"CandidATS","versions":[{"version":"3.0.0","status":"affected"}]}],"references":[{"url":"https://candidats.net/"},{"url":"https://fluidattacks.com/advisories/jcole/"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"XML injection (XXE)"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T13:10:41.465Z"},"title":"CVE Program Container","references":[{"url":"https://candidats.net/","tags":["x_transferred"]},{"url":"https://fluidattacks.com/advisories/jcole/","tags":["x_transferred"]}]}]}}