Overview
- Description
- AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monitorapp:application_insight_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9E2CA11-04CA-43E3-BBC2-46A2DAD8ED3F",
"versionEndExcluding": "b115",
"versionStartIncluding": "b107"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monitorapp:application_insight_web_application_firewall:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "89AC475F-FDAF-442D-A441-EEF883CF1142"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]