CVE-2022-28719

Name of the Vulnerable Software and Affected Versions AssetView versions prior to 13.2.0

Description The issue is related to missing authentication for a critical function in AssetView, allowing a remote unauthenticated attacker with some knowledge of the system configuration to upload a crafted configuration file to the managing server. This may result in managed clients executing arbitrary code with administrative privilege.

Recommendations For versions prior to 13.2.0, update to version 13.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the configuration upload feature to minimize the risk of exploitation.