Apache · Tomcat Manager · CVE-2020-26510
**Name of the Vulnerable Software and Affected Versions**
Airleader Master versions <= 6.21
**Description**
The issue allows remote code execution due to default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file.
**Recommendations**
For Airleader Master versions <= 6.21, change the default credentials to secure ones and restrict access to the Tomcat Manager to minimize the risk of exploitation.