KLA10705
Code execution vulnerabilities in Tibbo AggreGate.
Updated: 05/22/2020
Detect date
?
11/19/2015
Severity
?
Critical
Description

Successful exploitation of the identified vulnerabilities may allow an attacker to execute arbitrary code and commands.

  1. Unknown vulnerability at Ice Faces servlet allows remote attackers to upload and execute arbitrary Java code via a specially designed XML document;
  2. Unknown vulnerability allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class.
Affected products

Tibbo AggreGate Platform Version 5.21.02 and prior versions.

Solution

Update to the latest version
Download new version.

Impacts
?
ACE 
[?]
Related products
AggreGate
CVE-IDS
?
CVE-2015-791210.0Critical
CVE-2015-79137.2High