CVE-2019-7589

Name of the Vulnerable Software and Affected Versions Kantech EntraPass Corporate Edition versions 8.0 and prior Kantech EntraPass Global Edition versions 8.0 and prior

Description A vulnerability exists in the SmartService API Service option, allowing an unauthorized user to potentially upload malicious code to the server, which could be executed at system level privileges.

Recommendations For Kantech EntraPass Corporate Edition versions 8.0 and prior, update to a version later than 8.0 to resolve the issue. For Kantech EntraPass Global Edition versions 8.0 and prior, update to a version later than 8.0 to resolve the issue. As a temporary workaround, consider restricting access to the SmartService API Service option until a patch is available.