XML External Entity Vulnerability in Kofax Front Office Server Administration Console
CVE-2018-17289
6.5MEDIUM
What is CVE-2018-17289?
An XML external entity (XXE) vulnerability exists in Kofax Front Office Server Administration Console, specifically in version 4.1.1.11.0.5212. This flaw allows authenticated remote users to exploit crafted XML in imported package configuration files, potentially leading to unauthorized access to the server's file system. Attackers can manipulate the upload functionality to extract sensitive files, raising significant security concerns for users of Kofax's administration console.