Vulnerabilities (CVE)

Filtered by vendor Fujitsu Subscribe
Filtered by product Eternus Cs8000
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31795 1 Fujitsu 2 Eternus Cs8000, Eternus Cs8000 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.
CVE-2022-31794 1 Fujitsu 2 Eternus Cs8000, Eternus Cs8000 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.