CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XML External Entity (XXE) injection: its XML parser resolves external entities supplied in attacker-controlled input.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00271 Percentile: 0.50356
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
CWE-611: Improper Restriction of XML External Entity Reference
All CAPEC(s)
CAPEC-221: Data Serialization External Entities Blowup