CVE-2021-37106

Name of the Vulnerable Software and Affected Versions FusionCompute versions 6.3.0 through 6.3.1 FusionCompute version 6.5.0 FusionCompute version 8.0.0

Description The issue is related to a command injection vulnerability in the CMA service module of FusionCompute. This occurs when the software processes the default certificate file and constructs part of a command using external special input from users without sufficient validation of the user input. Successful exploitation could allow an attacker to inject certain commands into the system, potentially enabling remote execution of arbitrary commands.

Recommendations For FusionCompute versions 6.3.0 through 6.3.1, consider disabling the default certificate file processing until a patch is available. For FusionCompute version 6.5.0, restrict access to the CMA service module to minimize the risk of exploitation. For FusionCompute version 8.0.0, avoid using external special input from users in the default certificate file processing until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.