XML External Entity Vulnerability in Kofax Front Office Server Administration Console
CVE-2018-17289
6.5MEDIUM
Summary
An XML external entity (XXE) vulnerability exists in Kofax Front Office Server Administration Console, specifically in version 4.1.1.11.0.5212. This flaw allows authenticated remote users to exploit crafted XML in imported package configuration files, potentially leading to unauthorized access to the server's file system. Attackers can manipulate the upload functionality to extract sensitive files, raising significant security concerns for users of Kofax's administration console.
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved