CVE-2023-6071

Name of the Vulnerable Software and Affected Versions ESM versions prior to 11.6.9

Description The issue is related to an improper neutralization of special elements used in a command, allowing a remote administrator to execute arbitrary code as root on the ESM. This is possible due to incorrect sanitization of input when adding a new data source.

Recommendations For versions prior to 11.6.9, update to version 11.6.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the data source addition functionality to minimize the risk of exploitation.