Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)
Vulnerability Description
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled. A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices. Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
IBL Software Engineering Visual Weather 安全漏洞
Vulnerability Description
IBL Software Engineering Visual Weather是IBL Software Engineering公司的一个可视化天气应用程序。 IBL Software Engineering Visual Weather存在安全漏洞,该漏洞源于PDS组件配置不当,从而允许远程执行任意Python代码。
CVSS Information
N/A
Vulnerability Type
N/A