PT-2021-17102 · Squarebox · Squarebox Catdv Server
Published
2021-03-05
·
Updated
2021-03-13
·
CVE-2021-26705
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
SquareBox CatDV Server versions through 9.2
Description
An issue was discovered in SquareBox CatDV Server, where an attacker can invoke sensitive RMI methods, such as getConnections, without authentication. The results of these methods can be used to generate valid authentication tokens, which can then be used to invoke administrative tasks within the application, such as disclosing password hashes.
Recommendations
For SquareBox CatDV Server versions through 9.2, consider disabling the getConnections method until a patch is available, to prevent unauthorized access to sensitive information. Restrict network access to the server's RMI interface and to administrative tasks to trusted hosts, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
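To verify that the access restriction recommended for this issue is actually in place, the following check sends only the Java RMI stream-protocol greeting to the server and reports whether an RMI endpoint answers it. It is an added example, not part of the advisory and not CatDV's own code; it performs no registry lookup and calls no method. The RMI port is not stated on this page and is assumed to be supplied by the operator. Run it from a host that should not have access: an answer means an unauthenticated client can still open an RMI stream to the server from that vantage point.

```python
"""Check whether a Java RMI endpoint answers the JRMI stream-protocol handshake.

Added example, not part of the advisory or of CatDV. Only the protocol-level
handshake is performed (no registry lookup, no method call), so it can be run
from an untrusted network segment to confirm that the RMI port is no longer
reachable from there. The port number is an assumption: the CatDV RMI port is
not given in the advisory and must be supplied by the operator.
"""
import socket
import struct

JRMI_MAGIC = b"JRMI"
JRMI_VERSION = 2
STREAM_PROTOCOL = 0x4B   # TransportConstants.StreamProtocol
PROTOCOL_ACK = 0x4E      # TransportConstants.ProtocolAck
PROTOCOL_NACK = 0x4F     # TransportConstants.ProtocolNack


def build_jrmi_handshake() -> bytes:
    """Client hello: 'JRMI' magic, big-endian version short, protocol byte."""
    return JRMI_MAGIC + struct.pack(">HB", JRMI_VERSION, STREAM_PROTOCOL)


def parse_protocol_ack(data: bytes):
    """Parse the server's reply to the stream handshake.

    On success the server sends ProtocolAck (0x4E) followed by the client's
    endpoint as the server sees it: a Java writeUTF string (2-byte length
    prefix) and a 4-byte big-endian port. Returns (host, port), or None if
    the reply is a ProtocolNack or otherwise not a well-formed ProtocolAck.
    """
    if len(data) < 3 or data[0] != PROTOCOL_ACK:
        return None
    host_len = struct.unpack(">H", data[1:3])[0]
    end = 3 + host_len
    if len(data) < end + 4:
        return None
    host = data[3:end].decode("utf-8", errors="replace")
    port = struct.unpack(">I", data[end:end + 4])[0]
    return host, port


def rmi_reachable(host: str, port: int, timeout: float = 3.0):
    """Return the (host, port) the server echoed if an RMI endpoint answered, else None.

    A refused or timed-out connection means the network restriction holds from
    this vantage point; a ProtocolAck means the RMI service is still reachable
    without any authentication.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_jrmi_handshake())
            reply = sock.recv(1024)
    except OSError:
        return None
    return parse_protocol_ack(reply)


if __name__ == "__main__":
    import sys
    # Usage: python rmi_check.py <server> <rmi-port>   (port is operator-supplied)
    target, port = sys.argv[1], int(sys.argv[2])
    ack = rmi_reachable(target, port)
    if ack:
        print(f"RMI endpoint {target}:{port} answered the handshake; it sees us as {ack[0]}:{ack[1]}")
    else:
        print(f"no RMI handshake from {target}:{port}")
```

The check deliberately stops at the handshake: a ProtocolAck already proves the transport is open to anonymous clients, which is the precondition for reaching getConnections, and nothing more needs to be sent to the server to establish that.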
Weakness Enumeration
Related Identifiers
Affected Products
Squarebox Catdv Server