CVE-2023-25759

Name of the Vulnerable Software and Affected Versions Tripleplay Platform versions prior to 3.4.0

Description The issue allows authenticated users to run unprivileged OS level commands via a crafted request payload. This is due to an OS Command Injection in the TripleData Reporting Engine.

Recommendations For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the TripleData Reporting Engine to minimize the risk of exploitation.