MidnightBSD

Advisories for signiant

CVE-2019-8996 HIGH

In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

| Vendor | Product | Version |
|---|---|---|
| signiant | manager+agents | * |

CVE-2021-46660 HIGH

Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611

Products Affected

| Vendor | Product | Version |
|---|---|---|
| signiant | manager+agents | * |

CVE-2022-22795 MEDIUM

Signiant Manager+Agents XML External Entity (XXE): extraction of internal files from the affected machine. An attacker can read all system files. The product runs as root on Linux systems and as nt/authority on Windows systems, which allows the attacker to access and extract any file on the system, such as passwd, shadow, hosts and so on. By gaining access to these files, attackers can steal sensitive information from the victim's machine.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@cyber.gov.il | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H | 0.2 | 6.0 |
| nvd@nist.gov | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | 3.9 | 5.2 |

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611

Products Affected

| Vendor | Product | Version |
|---|---|---|
| signiant | manager+agents | 15.0 |
| signiant | manager+agents | * |
| signiant | manager+agents | 14.0 |