Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An injection vulnerability in the syslog-ng configuration wizard in Securonix Snypr 6.4 allows an application user with the "Manage Ingesters" permission to execute arbitrary code on remote ingesters by appending arbitrary text to text files that are executed by the system, such as users' crontab files. The patch for this was present in SNYPR version 6.4 Jun 2022 R3_[06170871], but may have been introduced sooner.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Securonix SNYPR 注入漏洞
Vulnerability Description
Securonix SNYPR是美国Securonix公司的一个开放的、模块化的下一代安全智能平台,它结合了日志管理、安全信息和事件。 Securonix SNYPR 6.4版本存在安全漏洞,该漏洞源于其syslog-ng配置向导允许具有“Manage Ingesters”权限的应用程序用户在系统执行的文本文件(如用户的crontab文件)中附加任意文本,从而在远程Ingesters上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A