Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN41853173/index.html | Third Party Advisory |
https://www.logstorage.com/support/vulnerability_info.html#jvn-41853173 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-01-28 11:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-5626
Mitre link : CVE-2020-5626
CVE.ORG link : CVE-2020-5626
JSON object : View
Products Affected
infoscience
- elc_analytics
- logstorage
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')