CVE-2024-3788

Name of the Vulnerable Software and Affected Versions WBSAirback version 21.02.04

Description The issue involves improper neutralisation of Server-Side Includes (SSI) through the License endpoint (/admin/CDPUsers), which could allow a remote user to execute arbitrary code.

Recommendations For WBSAirback version 21.02.04, consider restricting access to the /admin/CDPUsers endpoint until a patch is available. As a temporary workaround, avoid using the License feature in the vulnerable version to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.