XML-RPC Subsystem in Zenoss 2.5.3: Unauthenticated Information Disclosure via XXE Attacks on Port 9988

CVE-2019-14258 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.

Learn more about our Web Application Penetration Testing UK.