CVE-2022-22795
MEDIUMSigniant Manager+Agents - XML External Entity Injection
Title source: llmDescription
Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victims machine.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.gov.il/en/departments/faq/cve_advisories
Scores
CVSS v3
6.8
EPSS
0.0102
EPSS Percentile
58.7%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-611
Status
published
Products (3)
signiant/manager\+agents
14.0
signiant/manager\+agents
15.0
signiant/manager\+agents
< 13.5
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026