cbcvebase.
CVE-2022-37027
published 2022-09-21

CVE-2022-37027: Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web…

PriorityP357high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
20.79%
97.2th percentile
Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject arbitrary Java JVM options. Administrators that can modify the Runtime Options in the web interface can inject Java Runtime Options. These take effect after a restart. For example, an attacker can enable JMX services and consequently achieve remote code execution as the system user.

Affected

1 ranges
VendorProductVersion rangeFixed in
ahsaycloud_backup_suite
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.