PT-2019-18359 · Titanhq · Spamtitan
Published: 2019-06-05 · Updated: 2019-06-06 · CVE-2019-6800
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
TitanHQ SpamTitan versions 7.03 and earlier
Description
A vulnerability exists in the spam rule update function of the affected software. Updates are downloaded over HTTP, including scripts that are subsequently executed with root permissions. This allows an attacker with a privileged network position to inject arbitrary commands.
Recommendations
For TitanHQ SpamTitan versions 7.03 and earlier, consider disabling the spam rule update function until a secure update mechanism is implemented, and restrict access to the update process to minimize the risk of exploitation.
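The kind of check a secure update mechanism would apply before running a downloaded script, as an added example (not TitanHQ code and not part of the original advisory). The URL, key, manifest layout and function names are hypothetical, and HMAC stands in for an asymmetric signature so the example needs only the standard library.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# All values below are constructed for this example; none come from SpamTitan.
MANIFEST_KEY = b"constructed-demo-key"  # assumption: provisioned out of band
SCRIPT = b"#!/bin/sh\necho 'rules updated'\n"
MANIFEST = {"files": {"rules.sh": hashlib.sha256(SCRIPT).hexdigest()}}


def manifest_mac(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the manifest."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


MAC = manifest_mac(MANIFEST, MANIFEST_KEY)


def verify_update(url, payload, manifest, mac, key=MANIFEST_KEY):
    """Return (ok, reason); the caller executes payload only when ok is True."""
    parts = urlsplit(url)
    # Plain HTTP lets anyone on the network path replace the script.
    if parts.scheme != "https":
        return False, "transport is not HTTPS"
    # Authenticate the manifest before trusting any digest inside it.
    if not hmac.compare_digest(manifest_mac(manifest, key), mac):
        return False, "manifest authentication failed"
    name = parts.path.rsplit("/", 1)[-1]
    expected = manifest.get("files", {}).get(name)
    if expected is None:
        return False, "file not listed in manifest"
    # Bind the downloaded bytes to the authenticated digest.
    if not hmac.compare_digest(hashlib.sha256(payload).hexdigest(), expected):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    base = "updates.example.invalid/rules.sh"
    print(verify_update("https://" + base, SCRIPT, MANIFEST, MAC))
    print(verify_update("http://" + base, SCRIPT, MANIFEST, MAC))
    print(verify_update("https://" + base, SCRIPT + b"# changed\n", MANIFEST, MAC))
```
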
Exploit
Fix
Special Elements Injection
Weakness Enumeration
Related identifiers
Affected products
Spamtitan