The affected product is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.
The affected product does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage.
The affected software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
The affected product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy. The following CVEs are associated with this product.
Refer to CISA Advisory for the patch, upgrade, or suggested workaround information.