Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins” directory and execute code contained in them.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Riverbed Technology SteelCentral Aternity Agent 安全漏洞
Vulnerability Description
Riverbed Technology SteelCentral Aternity Agent是美国Riverbed Technology公司的一款应用程序性能监控解决方案。 Riverbed Technology SteelCentral Aternity Agent 11.0.0.120版本中存在安全漏洞,该漏洞源于程序没有正确处理IPC。攻击者可利用该漏洞执行未授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A