Vulnerability Description
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nitrosecurity | Nitroview Esm Software | 8.4.0a |
| Nitrosecurity | Nitroview Esm | ns-esm-5205-r |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/15318Exploit
- http://www.securityfocus.com/bid/44421Exploit
- http://www.securitytracker.com/id?1024639
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62768
- http://www.exploit-db.com/exploits/15318Exploit
- http://www.securityfocus.com/bid/44421Exploit
- http://www.securitytracker.com/id?1024639
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62768
FAQ
What is CVE-2010-4099?
CVE-2010-4099 is a vulnerability with a CVSS score of 6.8 (MEDIUM). ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.
How severe is CVE-2010-4099?
CVE-2010-4099 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4099?
Check the references section above for vendor advisories and patch information. Affected products include: Nitrosecurity Nitroview Esm Software, Nitrosecurity Nitroview Esm.