Security Advisory

CVE-2021-36356

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-31 03:45:11

Last updated 2024-08-04 00:54:51

Assigner mitre

State PUBLISHED

Description

KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.

← Browse all CVEs View on cve.org ↗