
Gemalto DS3 Authentication Server / Ezio Server Command Injection / File Disclosure

Posted on 10 May 2019

Gemalto (Thales Group) DS3 Authentication Server and Ezio Server versions prior to 3.1.0 suffer from semi-blind OS command injection, local file disclosure, and broken access controls that, when combined, allow a low-privileged application user to upload a JSP web shell with the access rights of the lower-privileged Linux system user "asadmin".

 
