exploitDog

GHSA-4w37-q3jv-2mwp

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.

An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.

Ссылки

EPSS

Процентиль: 64%

0.00478

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-611

Связанные уязвимости

CVE-2018-17289

CVSS3: 6.5

nvd

почти 7 лет назад

An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.

EPSS

Процентиль: 64%

0.00478

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-611