Carson Wang

Name of the Vulnerable Software and Affected Versions: ThreatSonar Anti-Ransomware (affected versions not specified) Description: The issue allows remote attackers with intermediate privileges to inject arbitrary OS commands and execute them on the server, gaining administrative access to the remote host. This is due to an OS Command Injection vulnerability in the product. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ThreatSonar Anti-Ransomware versions up to 3.8.0 Description: The issue allows remote attackers with intermediate privileges to escalate their privileges to the highest administrator level through a specific API. This vulnerability affects the API authorization component. Recommendations: For versions up to 3.8.0, as a temporary workaround, consider restricting access to the vulnerable API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.