Intel · Intelmq Manager · CVE-2020-11016
**Name of the Vulnerable Software and Affected Versions**
IntelMQ Manager versions 1.1.0 through 2.1.0
**Description**
The issue arises from the backend's incorrect handling of user-input messages in the "send" functionality of the Inspect-tool of the Monitor component. This could allow an attacker with access to the IntelMQ Manager to execute arbitrary code with the privileges of the webserver.
**Recommendations**
For IntelMQ Manager versions 1.1.0 through 2.1.0, update to version 2.1.1 to fix the vulnerability.
As a temporary workaround, consider restricting access to the Inspect-tool of the Monitor component until the update is applied.