Описание
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:unify:ewave_servletexec:3.0c:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02323
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.
EPSS
Процентиль: 84%
0.02323
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other