CVE-2024-3784

Name of the Vulnerable Software and Affected Versions WBSAirback version 21.02.04

Description The issue involves improper neutralisation of Server-Side Includes (SSI) through S3 Accounts, accessible via the "/admin/CloudAccounts" API endpoint. This could allow a remote user to execute arbitrary code.

Recommendations For WBSAirback version 21.02.04, consider disabling access to the "/admin/CloudAccounts" API endpoint until a patch is available to prevent exploitation. Additionally, restrict the use of S3 Accounts to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.