Command injection

2021-08-1218:15:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.5%

JSON

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.

CPENameOperatorVersion
application_insight_managereq>= b107 AND < b115

CPE	Name	Operator	Version
	application_insight_manager	eq	>= b107 AND < b115

References

github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2021-0022/FEYE-2021-0022.md

github.com/monitorapp-aicc/report/wiki/CVE-2021-36982

www.monitorapp.com/waf/