Security Advisory

CVE-2020-25094

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-12-17 02:04:12

Last updated 2024-08-04 15:26:09

Assigner mitre

State PUBLISHED

Description

LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges.

← Browse all CVEs View on cve.org ↗