漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Schneider Electric StruxureWare Data Center Operation 安全漏洞
Vulnerability Description
Schneider Electric StruxureWare Data Center Operation是法国施耐德电气(Schneider Electric)公司的一套数据中心运营软件。该软件通过库存管理、PUE计算、实时设备警报和基于位置的深入分析,对数据中心操作进行即时概览。 Schneider Electric StruxureWare Data Center Operation中存在安全漏洞。攻击者可借助恶意制作的文件利用该漏洞将任意文件上传到目标目录之外的服务器文件系统上。
CVSS Information
N/A
Vulnerability Type
N/A