Visualware: >> Myconnection Server >> 11.0b Security Vulnerabilities
An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.
CVSS Score
9.8
EPSS Score
0.123
Published
2021-02-26
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-02-19