PT-2019-15850 · Zmanda · Zmanda Management Console

Robertchrk

Published: 2019-12-01 · Updated: 2020-08-24 · CVE-2019-19469

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zmanda Management Console version 3.3.9

Description: The issue allows for CSRF, as demonstrated by command injection with shell metacharacters, potentially due to weak default credentials. This can be exploited through the "ZMC Admin Advanced?form=adminTasks&action=Apply&command=" API endpoint.

Recommendations: For Zmanda Management Console version 3.3.9, consider disabling the ZMC Admin Advanced function or restricting access to the "ZMC Admin Advanced?form=adminTasks&action=Apply&command=" endpoint until a patch is available. Additionally, changing default credentials to stronger ones may help mitigate the risk.

Exploit

Fix

CSRF

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2019-19469

Affected Products

Zmanda Management Console