What the vulnerability does

01Description

WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files.

Key dates

02Disclosure timeline

April 9, 2020 CVE published
August 4, 2024 Record updated