PT-2022-15736 · Mcms · Mcms
Lz2Y&R2
·
Published
2022-01-20
·
Updated
2022-01-26
·
CVE-2022-22928
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MCMS version 5.2.4
Description
The issue allows attackers to exploit a hardcoded
shiro-key and execute arbitrary code.Recommendations
For MCMS version 5.2.4, consider removing or updating the hardcoded
shiro-key to prevent exploitation. As a temporary workaround, restrict access to sensitive areas of the system that utilize the shiro-key until a more permanent solution is available.Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mcms