Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Logrhythm Platform Manager 注入漏洞
Vulnerability Description
Logrhythm Platform Manager是美国Logrhythm公司的一个Logrhyth应用的组件。该组件负责集中管理告警、通知和案例和安全事件管理。支撑实时仪表板,SmartResponse操作和报告。 LogRhythm Platform Manager 7.4.9 存在注入漏洞,该漏洞允许命令注入。攻击者可利用该漏洞可以将任意程序名和参数注入WebSocket中。这些将被转发到安装了LogRhythm智能响应代理的任何远程服务器。默认情况下,命令使用本地系统权限运行。
CVSS Information
N/A
Vulnerability Type
N/A