XXE can occur in Quest KACE Desktop Authority before 11.2...
Moderate severity
Unreviewed
Published
Dec 23, 2021
to the GitHub Advisory Database
•
Updated Feb 3, 2023
Description
Published by the National Vulnerability Database
Dec 22, 2021
Published to the GitHub Advisory Database
Dec 23, 2021
Last updated
Feb 3, 2023
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
References