PT-2020-2444 · Unknown · Control Center Server

Published: 2020-03-10 · Updated: 2024-01-09 · CVE-2019-19292

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Control Center Server versions prior to V1.5.0

Description: The issue stems from a lack of protection against manipulation of SQL query structure (SQL injection). A remote attacker can exploit it to read or modify the central control server database, as well as to execute database operations or operating system commands with administrator privileges. The vulnerability is present in the XML-based communication protocol used by the Control Center Server, which is accessible on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this to gain administrative access to the database and potentially to the operating system.

Recommendations: For versions prior to V1.5.0, update to version V1.5.0 or later to resolve the issue. As a temporary workaround, restrict access to ports 5444/tcp and 5440/tcp to minimize the risk of exploitation. Additionally, limiting administrative database operations and operating system commands available to the service account can help reduce the potential impact of this issue.

Weakness Enumeration: SQL injection

Related Identifiers: BDU:2020-02454, CVE-2019-19292

Affected Products: Control Center Server