Security Advisory

CVE-2020-37052

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-30 22:07:18

Last updated 2026-02-02 20:05:43

Assigner VulnCheck

State PUBLISHED

Description

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the applications system privileges.

← Browse all CVEs View on cve.org ↗