S_N

**Name of the Vulnerable Software and Affected Versions** NitroSecurity NitroView ESM version 8.4.0a **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `Request` parameter to `ess.pm` when `ESSPMDebug` is enabled. **Recommendations** For NitroSecurity NitroView ESM version 8.4.0a, consider disabling the `ESSPMDebug` feature to prevent exploitation until a patch is available. Restrict access to the `ess.pm` module to minimize the risk of exploitation. Avoid using shell metacharacters in the `Request` parameter to the affected endpoint until the issue is resolved.