Are there any concerns with Insight related to host header injection vulnerabilities?
Kofax performs DAST scans as part of the SSDL process for each product release including Insight. Potential host header attacks have been reported by internal DAST scans in the past. When investigating these vulnerabilities, it was concluded that they are not exploitable as Insight provides additional controls that prevent Host Header attacks to be exploited (such as input validation, URL redirection verification, etc.)
This article may be updated as new information becomes available. If you would like to share additional information, please submit a Technical Support case with all related information (testing procedure steps, results, etc.) for our product team to review and advise.
Level of Complexity
Article # 3047226