Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Yonyou NC BeanShell Command Injection
Vulnerability Description
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows unauthenticated remote attackers to execute arbitrary Java code via the bsh.script parameter. This can be exploited to run system commands and ultimately gain full control over the target server. The issue is rooted in a third-party JAR component bundled with the application, and the servlet is accessible without authentication on vulnerable installations. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Yonyou UFIDA NC 安全漏洞
Vulnerability Description
Yonyou UFIDA NC是中国用友(Yonyou)公司的一款高端管理软件。 Yonyou UFIDA NC v6.5及之前版本存在安全漏洞,该漏洞源于暴露BeanShell测试servlet导致代码注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A