Information Disclosure Vulnerability in Kofax Front Office Server
CVE-2018-17287
4.9 MEDIUM
Summary
An information disclosure vulnerability exists in Kofax Front Office Server Administration Console versions up to 4.1.1.11.0.5212. The flaw allows an unauthorized user to retrieve sensitive data, including passwords, that the user interface obfuscates. The back-end 'download' feature, used with an operation such as mfp.password downloadsettingvalue, returns the cleartext values, so the masking applied in the interface does not protect them.
CVSS V3.1
Score: 4.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved