The vulnerability involves the XUDA template files, which are included with the package. The templates do not reference absolute pathnames when refering to other files.
According to the discover, "to determine whether anyone has attempted to exploit this vulnerability, check the enroll-access.log and the admin-access.log files in the WebServer/logs directory of your Net Tools PKI Server installation. Search for any log entries which include "x-templates" in the URL. Each entry can then be examined to see the IP address of the computer and what files were accessed."