A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.
[
{
"product": "Ivanti Incapptic Connect",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in version 1.40.1"
}
]
}
]