Medium severity6.5NVD Advisory· Published Apr 18, 2019· Updated Jun 17, 2026
CVE-2018-17289
CVE-2018-17289
Description
An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file) within the Kofax/KFS/Admin/PackageService/package/upload file parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 4.1.1.11.0.5212
Patches
Vulnerability mechanics
References
1- github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17289-XXE-KofaxnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.