PT-2017-14474 · Netgain Systems · Netgain Systems Enterprise Manager

Rgod · Published 2017-12-13 · Updated 2019-10-09 · CVE-2017-16590

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NetGain Systems Enterprise Manager version 7.2.699 build 1001

Description

This issue allows remote attackers to bypass authentication on vulnerable installations. User interaction is required to exploit this issue. The specific flaw exists within the MainFilter servlet, resulting from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other issues to execute arbitrary code in the context of Administrator.

Recommendations

For NetGain Systems Enterprise Manager version 7.2.699 build 1001, consider disabling the doFilter method within the MainFilter servlet as a temporary workaround until a patch is available. Restrict access to the MainFilter servlet to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related identifiers

CVE-2017-16590
ZDI-17-955

Affected products

Netgain Systems Enterprise Manager