CVE-2024-55063

Name of the Vulnerable Software and Affected Versions: EasyVirt DC NetScope versions 8.7.0 and earlier

Description: The issue allows remote authenticated attackers to execute arbitrary code. This can be achieved via several parameters, including the lang parameter to "/international/keyboard/options", the keyboard layout or keyboard variant parameter to "/international/settings/keyboard", and the timezone parameter to "/international/settings/timezone".

Recommendations: For EasyVirt DC NetScope versions 8.7.0 and earlier, update to a version later than 8.7.0 to resolve the issue. As a temporary workaround, consider restricting access to the "/international/keyboard/options", "/international/settings/keyboard", and "/international/settings/timezone" API endpoints until a patch is available. Avoid using the lang, keyboard layout, keyboard variant, and timezone parameters in the affected API endpoints until the issue is resolved.