Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local privilege escalation due to misconfigured write permission on .debug_command.config file
Vulnerability Description
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a json string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
Aternity SteelCentral AppInternals 安全漏洞
Vulnerability Description
Aternity SteelCentral AppInternals是美国Aternity公司的一个监控现代自动化解决方案。提供应用程序性能监控 (APM) 和诊断。 Aternity SteelCentral AppInternals Dynamic Sampling Agent (DSA) 存在安全漏洞,该漏洞源于配置文件可以将相应的 ID 映射到要执行的命令。
CVSS Information
N/A
Vulnerability Type
N/A