Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Acresso FLEXnet Connect GetRules.asp不安全通讯漏洞
Vulnerability Description
FLEXnet Connect是一种应用软件的厂商为用户提供产品相关的更新及信息发布的工具。 在与中央服务器通讯时,Connect客户端接收特殊的指令(规则)以协助判断升级是否有关,这些指令是由Web服务器的GetRules.asp页面提供的。FLEXnet Connect客户端软件使用了未签名且未加密的HTTP通讯检索规则,这允许远程攻击者在FLEXnet Connect检查升级时通过中间人攻击完全入侵用户系统。
CVSS Information
N/A
Vulnerability Type
N/A