CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
91.7%
A vulnerability in the pki-core public key infrastructure deployment management system is related to
insufficient validation of user-entered XML data, which could be passed by specially
created XML code to a vulnerable application and view the contents of arbitrary files on the system or
initiate requests to external systems. Exploitation of the vulnerability could allow an attacker,
acting remotely, to view the contents of an arbitrary file on a server or to perform a network scan of internal and external infrastructure.
network scanning of internal and external infrastructure.