CVE-2021-45966

An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...

BIT-OPENFIRE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

VulnCheck KEV: CVE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

CVE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

CVE-2021-45968

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

CVE-2021-45966

An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...

CVE-2021-45966

An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...

Server side request forgery (ssrf)

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

Code injection

An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...

Path traversal

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

CVE-2021-45967

Pascom Cloud Phone System before 7.20.x is affected by a path traversal vulnerability caused by a configuration mismatch between NGINX and the backend Tomcat, exposing unintended endpoints. Multiple connected sources corroborate a pre-7.20.x issue with path traversal (and related exposure). Remed...

CVE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

CVE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

CVE-2021-45966

An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...

CVE-2021-45968

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

Pascom Cloud Phone System 路径遍历漏洞

Pascom Cloud Phone System is a cloud phone system from Pascom. Used to provide integrated communication solutions for businesses and individuals, Pascom Cloud Phone System is vulnerable to a path traversal vulnerability that stems from a configuration error before nginx and the back-end server...

Pascom Cloud Phone System 操作系统命令注入漏洞

Pascom Cloud Phone System is a cloud phone system from Pascom. An operating system command injection vulnerability exists in Pascom Cloud Phone System, which stems from the failure of /services/apply in exd.pl to properly filter the special elements of the construct snippet, which can be exploite...

Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses

Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System CPS that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu said the shortcomings, when chained together, can lead t...