CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25253

KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuration data like database credentials through an out-of-band channel attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.4%

CVSS Severity

CVSS v3 Score 7.5

References

https://global.kyocera.com
https://www.exploit-db.com/exploits/44430
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5459.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5459.php

Products affected by CVE-2019-25253

Kyocera » Net Admin » Version: 3.4.0906

cpe:2.3:a:kyocera:net_admin:3.4.0906

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25253

Products

Pricing

Contact Us