Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins” directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the “.\plugins” string, a directory traversal vulnerability exists in the way plugins are resolved.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Riverbed Technology SteelCentral Aternity Agent 路径遍历漏洞
Vulnerability Description
Riverbed Technology SteelCentral Aternity Agent是美国Riverbed Technology公司的一款应用程序性能监控解决方案。 基于Windows的Riverbed Technology SteelCentral Aternity Agent 11.0.0.120之前版本中存在路径遍历漏洞。远程攻击者可通过发送特制的请求利用该漏洞在系统上创建和覆盖任意文件。
CVSS Information
N/A
Vulnerability Type
N/A