CVE-2022-44794
- EPSS 0.73%
- Veröffentlicht 07.11.2022 04:15:09
- Zuletzt bearbeitet 01.05.2025 18:15:50
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that sets the hostname doesn't validate input parameter...
CVE-2022-44795
- EPSS 0.29%
- Veröffentlicht 07.11.2022 04:15:09
- Zuletzt bearbeitet 01.05.2025 18:15:51
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to ...
CVE-2022-44796
- EPSS 0.5%
- Veröffentlicht 07.11.2022 04:15:09
- Zuletzt bearbeitet 01.05.2025 18:15:51
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. The authorization service has a flow that allows getting access to the Web UI without knowing credentials. For signing, the JWT token uses a secret key that is generated through a fu...