XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
CPE | Name | Operator | Version |
---|---|---|---|
kace_desktop_authority | ge | 10.0 | |
kace_desktop_authority | lt | 11.2 |