LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HXorux Lpar2rrd
APPXorux≤ 3.504.00 – 4.53
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje
Powiązane podatności
CVE-2021-42371CRITICAL9.8ten sam produkt
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
CVE-2020-24032CRITICAL9.8ten sam produkt
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell ...
CVE-2014-4981CRITICAL9.8ten sam produkt
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sa...
CVE-2025-54769HIGH8.8ten sam produkt
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file...
CVE-2021-42372HIGH8.8ten sam produkt
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows au...