Security Advisory

CVE-2022-37027

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-21 16:53:50

Last updated 2025-05-28 14:02:03

Assigner mitre

State PUBLISHED

Description

Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and consequently achieve remote code execution as the system user.

← Browse all CVEs View on cve.org ↗