PT-2009-3965 · A A S · Application Access Server
Felipe Aragon · Published 2009-05-14 · Updated 2018-10-10
CVE-2009-1464 · CVSS v2.0 6.8 (Medium) · Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Application Access Server (A-A-S) version 2.0.48
Description
The cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of administrators for requests, including executing arbitrary programs via a command job, stopping services via a setservice job, or terminating processes via a killprocess job.
Recommendations
For Application Access Server (A-A-S) version 2.0.48, consider disabling the index.aas module until a patch is available to prevent exploitation of the CSRF vulnerabilities. Restrict access to the setservice, killprocess, and command jobs to minimize the risk of unauthorized execution.
Exploit · Fix · CSRF
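As an added example that is not part of this advisory or of the A-A-S product: the server-side guard below shows the kind of check that defeats CSRF against state-changing admin job endpoints like the ones named above. Every request is required to use POST, to arrive from a trusted Origin (or Referer), and to carry a per-session synchronizer token that an attacker's page cannot read. The job names, request dictionary layout, cookie name, trusted origin and session secret are assumptions constructed for the example; A-A-S's real request format is not documented here.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple
from urllib.parse import urlparse

# Constructed for the example: the origin(s) the admin interface is served from.
TRUSTED_ORIGINS = {"https://admin.example.internal"}

# Hypothetical state-changing job endpoints, modelled on the job types the
# advisory names (command, setservice, killprocess); not A-A-S's real routes.
STATE_CHANGING_JOBS = {"command", "setservice", "killprocess"}


def issue_csrf_token(session_secret: bytes, session_id: str) -> str:
    """Derive a per-session synchronizer token as HMAC-SHA256(secret, session id).

    The token is embedded in the admin's own forms; a cross-site page cannot
    read it, so a forged request cannot supply it."""
    return hmac.new(session_secret, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: Dict[str, str]) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is trusted.

    A request carrying neither header is rejected for state-changing jobs,
    since the source of the request cannot be established."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parsed = urlparse(referer)
        origin = f"{parsed.scheme}://{parsed.netloc}"
    return origin in TRUSTED_ORIGINS


def authorize_job(request: Dict, session_secret: bytes) -> Tuple[bool, str]:
    """Decide whether a job request may run; returns (allowed, reason).

    `request` is a constructed dict with keys: method, job, headers, cookies, form."""
    job = request.get("job")
    if job not in STATE_CHANGING_JOBS:
        return True, "not a state-changing job"
    # Side effects must never be reachable through a plain GET (image tags, links).
    if request.get("method") != "POST":
        return False, "state-changing jobs must use POST"
    if not origin_allowed(request.get("headers", {})):
        return False, "untrusted or missing Origin/Referer"
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return False, "no session"
    expected = issue_csrf_token(session_secret, session_id)
    supplied = request.get("form", {}).get("csrf_token", "")
    # Constant-time comparison so token validity cannot be probed via timing.
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    session = "constructed-session-id"
    token = issue_csrf_token(secret, session)
    # A request submitted from the admin UI itself, carrying the token.
    legitimate = {"method": "POST", "job": "command",
                  "headers": {"Origin": "https://admin.example.internal"},
                  "cookies": {"session": session}, "form": {"csrf_token": token}}
    # A request the browser sends on behalf of another site: cookie present,
    # but wrong origin and no token, which is exactly the CSRF condition.
    cross_site = {"method": "POST", "job": "killprocess",
                  "headers": {"Origin": "https://other.example"},
                  "cookies": {"session": session}, "form": {}}
    print("legitimate:", authorize_job(legitimate, secret))
    print("cross-site:", authorize_job(cross_site, secret))
```

The Origin check alone is a useful defence-in-depth layer, but the synchronizer token is what makes the decision independent of browser header behaviour; both checks are cheap, and logging the rejection reason gives operators a signal that forged admin requests are being attempted.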
Weakness Enumeration
Related Identifiers
Affected Products
Application Access Server