ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass Vulnerability

ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with...