2019
05.11

Gemalto (Thales Group) DS3 Authentication Server and Ezio Server versions prior to 3.1.0 suffer from semi-blind OS command injection, local file disclosure, and broken access controls that when combined allows a low-privileged application user to upload a JSP web shell with the access rights of the lower privileged Linux system user “asadmin”.

No Comment.

Add Your Comment

You must be logged in to post a comment.