漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)
Vulnerability Description
Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager (WorkStation), an unauthenticated attacker could create a malicious JNLP (Java Network Launch Protocol) file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope Server could execute OS commands on the victim's machine. This could completely compromising confidentiality, integrity and availability of the system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
SAP Wily Introscope Enterprise Manager 代码注入漏洞
Vulnerability Description
SAP Wily Introscope Enterprise Manager是德国思爱普(SAP)公司的一个应用性能管理组件。 SAP Wily Introscope Enterprise Manager存在代码注入漏洞,该漏洞源于使用易受攻击的第三方组件,可能导致未经验证的攻击者创建恶意JNLP文件并执行OS命令,造成系统完全被破解。
CVSS Information
N/A
Vulnerability Type
N/A