KLA10705
Code execution vulnerabilities in Tibbo AggreGate.

Successful exploitation of the identified vulnerabilities may allow an attacker to execute arbitrary code and commands.

1. Unknown vulnerability at Ice Faces servlet allows remote attackers to upload and execute arbitrary Java code via a specially designed XML document;
2. Unknown vulnerability allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class.

Tibbo AggreGate Platform Version 5.21.02 and prior versions.

Update to the latest version
Download new version.