PT-2024-30618 · Unknown · Command Centre Workstations+1

Published: 2024-09-10 · Updated: 2024-09-11 · CVE-2024-43690

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Command Centre Server and Command Centre Workstations versions 8.70 and prior
Command Centre Server and Command Centre Workstations versions 8.80 through 8.80 prior to vEL8.80.1938 (MR6)
Command Centre Server and Command Centre Workstations versions 8.90 through 8.90 prior to vEL8.90.2155 (MR5)
Command Centre Server and Command Centre Workstations versions 9.00 through 9.00 prior to vEL9.00.2168 (MR4)
Command Centre Server and Command Centre Workstations versions 9.10 through 9.10 prior to vEL9.10.1530 (MR2)

Description

The issue affects the Command Centre Server and Workstations, allowing an attacker to perform Remote Code Execution (RCE) due to the inclusion of functionality from an untrusted control sphere.

Recommendations

For Command Centre Server and Command Centre Workstations versions 8.70 and prior, upgrade to a version later than vEL8.80.1938 (MR6) to mitigate the risk.
For Command Centre Server and Command Centre Workstations versions 8.80 through 8.80 prior to vEL8.80.1938 (MR6), upgrade to vEL8.80.1938 (MR6) or later.
For Command Centre Server and Command Centre Workstations versions 8.90 through 8.90 prior to vEL8.90.2155 (MR5), upgrade to vEL8.90.2155 (MR5) or later.
For Command Centre Server and Command Centre Workstations versions 9.00 through 9.00 prior to vEL9.00.2168 (MR4), upgrade to vEL9.00.2168 (MR4) or later.
For Command Centre Server and Command Centre Workstations versions 9.10 through 9.10 prior to vEL9.10.1530 (MR2), upgrade to vEL9.10.1530 (MR2) or later.

Fix


Weakness Enumeration

Related Identifiers

CVE-2024-43690

Affected Products

Command Centre Server
Command Centre Workstations