PT-2021-21419 · Monitorapp · Aimanager+1

Sameer S. Mohite

Published

2021-08-12

Updated

2021-08-24

CVE-2021-36982

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0

Description The issue is related to OS Command Injection due to missing input validation on one of the parameters of an HTTP request.

Recommendations For AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0, consider restricting access to the vulnerable parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2021-36982

Affected Products

Aimanager

Aiwaf

PT-2021-21419 · Monitorapp · Aimanager+1

CVE-2021-36982

Weakness Enumeration

Related Identifiers

Affected Products

References · 5