Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as SYSTEM via the policy custom script feature. Due to the use of a default administrator password, attackers may be able to abuse this functionality with minimal effort. Additionally, a remote and partially authenticated attacker may be able to inject arbitrary commands into the custom script due to an unsanitized password field. (CVSS:7.1) (Last Update:2022-04-26)
http://dlvr.it/SPLHD7
Subscribe to:
Post Comments (Atom)
Columbus won't explain critical cyber service outage hampering 311 for days - The Columbus Dispatch
Columbus won't explain critical cyber service outage hampering 311 for days The Columbus Dispatch http://dlvr.it/TB6t50
-
A cyberespionage group with ties to North Korea has resurfaced with a stealthier variant of its remote access trojan called Konni to attack ...
-
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __...
-
This statistic presents a ranking of the countries with the highest commitment to cyber security based on the Global Cybersecurity Index (GC...
No comments:
Post a Comment