PT-2022-27060 · Unknown · Backclick Professional

Moritz Bechler

Published

2022-11-16

Updated

2022-11-21

CVE-2022-43999

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BACKCLICK Professional version 5.9.63

Description An issue was discovered due to exposed CORBA management services, allowing arbitrary system commands to be executed on the server.

Recommendations For BACKCLICK Professional version 5.9.63, consider restricting access to the CORBA management services as a temporary workaround until a patch is available.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2022-43999

Affected Products

Backclick Professional

PT-2022-27060 · Unknown · Backclick Professional

CVE-2022-43999

Weakness Enumeration

Related Identifiers

Affected Products

References · 4