CVE-2022-22795 — MEDIUM (6.8)

Q: How severe is CVE-2022-22795?

CVE-2022-22795 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-22795?

Check the references section above for vendor advisories and patch information. Affected products include: Signiant Manager\+Agents.

Vulnerability Description

Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt/authority on windows systems, which allows him to access and extract any file on the systems, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victims machine.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Signiant	Manager\+Agents	< 13.5

Related Weaknesses (CWE)

CWE-611

References

https://www.gov.il/en/departments/faq/cve_advisoriesThird Party Advisory
https://www.gov.il/en/departments/faq/cve_advisoriesThird Party Advisory

FAQ

What is CVE-2022-22795?

CVE-2022-22795 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files, the product is running with root on Linux systems and nt...

How severe is CVE-2022-22795?

CVE-2022-22795 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22795?

Check the references section above for vendor advisories and patch information. Affected products include: Signiant Manager\+Agents.