CVE-2018-3881

Name of the Vulnerable Software and Affected Versions FocalScope version v2416

Description An exploitable unauthenticated XML external injection vulnerability was identified. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise.

Recommendations For FocalScope version v2416, consider disabling the XML parsing functionality until a patch is available. Restrict access to the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.