CVE-2022-21941

Name of the Vulnerable Software and Affected Versions iSTAR Ultra versions prior to 6.8.9.CU01

Description The issue is related to a command injection that could allow an unauthenticated user root access to the system. It is also associated with the lack of data cleaning measures at the controller level, which could enable a remote attacker to elevate their privileges to the root level.

Recommendations For versions prior to 6.8.9.CU01, update to version 6.8.9.CU01 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation.