CVE-2021-44028: XEE
First published: Wed Dec 22 2021(Updated: )
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Quest KACE Desktop Authority | >=10.0<11.2 | |
| >=10.0<11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-44028?
CVE-2021-44028 is a vulnerability that allows for XXE (XML External Entity) attacks in Quest KACE Desktop Authority before version 11.2.
How can XXE occur in Quest KACE Desktop Authority?
XXE can occur in Quest KACE Desktop Authority before version 11.2 because the log4net configuration file might be controlled by an attacker.
Is CVE-2021-44028 related to CVE-2018-1285?
Yes, CVE-2021-44028 is a related issue to CVE-2018-1285.
What is the severity of CVE-2021-44028?
CVE-2021-44028 has a severity rating of medium.
How do I fix CVE-2021-44028?
To fix CVE-2021-44028, update Quest KACE Desktop Authority to version 11.2 or later.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/quest
- canonical/quest kace desktop authority
- version/quest kace desktop authority/10.0