Description
Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling used for legacy tar-based client installations. When an administrator selects a malicious or compromised legacy tar-installed client for upgrade or patching, that client may be able to cause commands to be executed on the BoKS Master during client version handling. The attack therefore depends on an administrator acting on the affected client, which is reflected in the High Attack Complexity and Required User Interaction metrics below.
CVSS breakdown

CVSS 3.1 (vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

| Metric | Value |
| --- | --- |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected products
- Fortra / Core Privileged Access Manager (BoKS): boks-server 8.1.0.0 – boks-server 8.1.0.22
- Fortra / Core Privileged Access Manager (BoKS): boks-server 9.0.0.0 – boks-server 9.0.0.4