CVE-2019-25253

Name of the Vulnerable Software and Affected Versions KYOCERA Net Admin version 3.4.0906

Description KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection issue in the Multi-Set Template Editor. This allows unauthenticated attackers to read arbitrary system files. Attackers can create a malicious XML file with external entity references to retrieve sensitive configuration data, such as database credentials, through an out-of-band channel attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.