Eiqnetworks · Eiqnetworks Enterprise Security Analyzer · CVE-2006-3838
**Name of the Vulnerable Software and Affected Versions**
eIQnetworks Enterprise Security Analyzer (ESA) versions prior to 2.5.0
**Description**
The issue allows remote attackers to execute arbitrary code by sending overlong commands to several ESA servers, including the Syslog daemon, Topology server, License Manager, and Monitoring agent. The affected commands include `DELTAINTERVAL`, `LOGFOLDER`, `DELETELOGS`, `FWASERVER`, `SYSLOGPUBLICIP`, `GETFWAIMPORTLOG`, `GETFWADELTA`, `DELETERDEPDEVICE`, `COMPRESSRAWLOGFILE`, `GETSYSLOGFIREWALLS`, `ADDPOLICY`, `EDITPOLICY`, `GUIADDDEVICE`, `ADDDEVICE`, `DELETEDEVICE`, `LICMGR ADDLICENSE`, `TRACE`, and `QUERYMONITOR`.
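Code execution triggered by an overlong command argument is the classic symptom of an unchecked copy into a fixed-size buffer. The following added example is not eIQnetworks' code: it is a hypothetical command handler that assumes a line-based `NAME argument` format and a 64-byte argument buffer, and shows the unbounded-copy pattern beside a hardened dispatcher that allow-lists the command names from the description and enforces a length bound.

```c
#include <string.h>

/* Hypothetical handler illustrating the advisory's bug pattern; not
   eIQnetworks' code. Assumes commands arrive as "NAME argument" lines. */
#define ARG_MAX 64

/* Subset of the affected command names from the advisory, used here as
   the dispatcher's allow-list of recognised commands. */
static const char *const known_commands[] = {
    "DELTAINTERVAL", "LOGFOLDER", "DELETELOGS", "FWASERVER", "SYSLOGPUBLICIP",
    "ADDDEVICE", "DELETEDEVICE", "TRACE", "QUERYMONITOR", NULL
};

int is_known_command(const char *name) {
    for (int i = 0; known_commands[i] != NULL; i++)
        if (strcmp(known_commands[i], name) == 0) return 1;
    return 0;
}

/* Vulnerable pattern: unbounded copy into a fixed stack buffer. An
   argument of ARG_MAX bytes or more overwrites adjacent stack memory. */
int handle_unchecked(const char *arg) {
    char buf[ARG_MAX];
    strcpy(buf, arg);                 /* no length check */
    return (int)strlen(buf);
}

/* Hardened: measure first, refuse what does not fit, copy with a bound. */
int handle_checked(const char *arg) {
    char buf[ARG_MAX];
    size_t n = strlen(arg);
    if (n >= ARG_MAX) return -1;      /* reject overlong argument */
    memcpy(buf, arg, n);
    buf[n] = '\0';
    return (int)n;
}

/* Parse "NAME argument"; accept only known commands with bounded args.
   Returns the argument length, or -1 on reject. */
int process_line(const char *line) {
    char name[32];
    const char *sp = strchr(line, ' ');
    if (sp == NULL || (size_t)(sp - line) >= sizeof name) return -1;
    memcpy(name, line, (size_t)(sp - line));
    name[sp - line] = '\0';
    if (!is_known_command(name)) return -1;  /* not on the allow-list */
    return handle_checked(sp + 1);
}
```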
**Recommendations**
Installations running versions prior to 2.5.0 should update to version 2.5.0 or later to resolve the issue. As a temporary workaround until the update can be applied, restrict access to the vulnerable commands and to the affected servers (the Syslog daemon, Topology server, License Manager, and Monitoring agent). Avoid sending long commands to these servers to minimize the risk of exploitation.