CVE-2021-37102

Name of the Vulnerable Software and Affected Versions FusionCompute versions 6.0.0 through 8.0.0

Description The issue arises from a command injection vulnerability in the CMA service module of the FusionCompute product. This occurs when the software processes the default certificate file and constructs part of a command using external special input from users without sufficient validation. As a result, a successful exploit could allow an attacker to inject certain commands into the system.

Recommendations For FusionCompute versions 6.0.0 through 8.0.0, update to a version that includes the fix for this issue to prevent command injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.