PT-2022-17681 · Irisnet · Irisnext

Published: 2022-04-25 · Updated: 2023-08-08 · CVE-2022-26111

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: IRISNext versions through 9.8.28

Description: The issue allows execution of arbitrary commands on the target server by creating a custom search or editing an existing search of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user running on the web server.

Recommendations: For versions through 9.8.28, consider restricting access to the search components to minimize the risk of exploitation. As a temporary workaround, avoid using BeanShell expressions in the search functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2022-26111

Affected Products: Irisnext