PT-2025-7455 · Unknown · Wyn Enterprise
Maksym Brzęczek · Published 2025-02-21 · Updated 2025-02-21 · CVE-2024-9150
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Wyn Enterprise versions prior to 8.0.00204.0
Description
The report generation functionality in Wyn Enterprise allows code inclusion but does not sufficiently limit what code may be included. An attacker with a low-privileged account can abuse this functionality to execute malicious code, load DLL libraries, and execute OS commands on the host system with the application's high privileges.
Recommendations
For versions prior to 8.0.00204.0, update to version 8.0.00204.0 to fix the issue. As a temporary workaround, consider restricting access to the report generation functionality to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Wyn Enterprise