Command injection exploit in the legacy UI php code

SUMMARY

A command injection exploit in the legacy UI php code was resolved in version 9.2

ISSUE

A command injection exploit in the legacy UI .php code was resolved in version 9.2. 

RESOLUTION

To resolve this issue, upgrade your appliance to version 9.2. 

CAUSE

This exploit was caused by two factors: 

  1. A lack of authorization check on the update functionality.
  2. Improperly filtered input used as a command line parameter to yum.  

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section