CVE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

CVE-2021-45967

An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints...

CVE-2021-45967

Pascom Cloud Phone System before 7.20.x is affected by a path traversal vulnerability caused by a configuration mismatch between NGINX and the backend Tomcat, exposing unintended endpoints. Multiple connected sources corroborate a pre-7.20.x issue with path traversal (and related exposure). Remed...

CVE-2021-45966

Pascom Cloud Phone System prior to 7.20.x contains a remote code execution flaw in the management REST API: /services/apply in exd.pl does not properly filter shell metacharacters, enabling an attacker to run arbitrary code. Affected component is the /services/apply endpoint of the exd.pl script;...

CVE-2021-45966

An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters...

CVE-2021-45968

An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...

CVE-2021-45968

Pascom CPS before 7.20 contains a known Local File Inclusion vulnerability (CVE-2021-45968) in Pascom Cloud Phone System, as documented by Nuclei templates. The issue can allow an attacker to access sensitive information or arbitrary files via LFI. Remediation: apply the latest vendor patches/upd...

Pascom Cloud Phone System 操作系统命令注入漏洞

Pascom Cloud Phone System is a cloud phone system from Pascom. An operating system command injection vulnerability exists in Pascom Cloud Phone System, which stems from the failure of /services/apply in exd.pl to properly filter the special elements of the construct snippet, which can be exploite...

Pascom Cloud Phone System 代码问题漏洞

Pascom Cloud Phone System is a cloud-based phone system from Pascom. A server request forgery vulnerability exists in Pascom Cloud Phone System, which stems from the product's failure to properly validate user input and could be exploited by attackers to probe server intranet resources...

Pascom Cloud Phone System 路径遍历漏洞

Pascom Cloud Phone System is a cloud phone system from Pascom. Used to provide integrated communication solutions for businesses and individuals, Pascom Cloud Phone System is vulnerable to a path traversal vulnerability that stems from a configuration error before nginx and the back-end server...

Critical RCE Bugs Found in Pascom Cloud Phone System Used by Businesses

Researchers have disclosed three security vulnerabilities affecting Pascom Cloud Phone System CPS that could be combined to achieve a full pre-authenticated remote code execution of affected systems. Kerbit security researcher Daniel Eshetu said the shortcomings, when chained together, can lead t...