XXE vulnerability in Quest KACE Desktop Authority before 11.2 due to log4net configuration file control

XXE vulnerability in Quest KACE Desktop Authority before 11.2 due to log4net configuration file control

CVE-2021-44028 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.

Learn more about our Cis Benchmark Audit For Desktop Software.