SUMMARY
A command injection exploit in the legacy UI PHP code was resolved in version 9.2.
ISSUE
A command injection exploit in the legacy UI .php code was resolved in version 9.2.
RESOLUTION
To resolve this issue, upgrade your appliance to version 9.2.
CAUSE
This exploit was caused by two factors:
- A lack of authorization check on the update functionality.
- Improperly filtered input used as a command line parameter to yum.
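
The two factors above map to two checks in a request handler. The following is an added sketch, not the appliance's code: the function names, the 'role' session key and the yum path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handler: names, session layout and paths are assumptions.

/** Factor 1: the update action must be limited to authorized sessions. */
function is_authorized(array $session): bool
{
    return ($session['role'] ?? '') === 'admin';
}

/** Factor 2: accept only strings shaped like a package name. */
function valid_package_name(string $name): bool
{
    // Leading alphanumeric means the value can never be parsed as an option;
    // the character class excludes whitespace and shell metacharacters.
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9._+-]{0,127}\z/', $name) === 1;
}

/** Returns the HTTP status the caller should send. */
function run_yum_update(array $session, string $package): int
{
    if (!is_authorized($session)) {
        return 403;               // reject before any input is processed
    }
    if (!valid_package_name($package)) {
        return 400;               // reject rather than try to sanitize
    }
    // Array form of proc_open (PHP >= 7.4) executes the binary directly,
    // so no shell ever interprets the parameter.
    $argv = ['/usr/bin/yum', '-y', 'update', $package];
    $io = [
        0 => ['file', '/dev/null', 'r'],
        1 => ['file', '/dev/null', 'w'],
        2 => ['file', '/dev/null', 'w'],
    ];
    $proc = proc_open($argv, $io, $pipes);
    if (!is_resource($proc)) {
        return 500;
    }
    return proc_close($proc) === 0 ? 200 : 500;
}

// Constructed inputs showing what the validator accepts and rejects.
if (PHP_SAPI === 'cli') {
    foreach (['openssl', 'kernel-devel', 'bad name;x', '-y', ''] as $sample) {
        printf("%-14s %s\n", var_export($sample, true),
            valid_package_name($sample) ? 'accepted' : 'rejected');
    }
}
```

Either check alone leaves a gap: validation without authorization still lets any caller trigger updates, and authorization without validation still lets an authorized session reach the command line.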