Assetview · Assetview · CVE-2022-28719
**Name of the Vulnerable Software and Affected Versions**
AssetView versions prior to 13.2.0
**Description**
The issue is related to missing authentication for a critical function in AssetView, allowing a remote unauthenticated attacker with some knowledge of the system configuration to upload a crafted configuration file to the managing server. This may result in managed clients executing arbitrary code with administrative privilege.
**Recommendations**
For versions prior to 13.2.0, update to version 13.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration upload feature to minimize the risk of exploitation.