XXE vulnerability in Quest KACE Desktop Authority before 11.2 due to log4net configuration file control
CVE-2021-44028 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
Learn more about our Cis Benchmark Audit For Desktop Software.