Remote Command Execution Vulnerability in Fujitsu-Siemens ServerView Web Interface
CVE-2007-3011

Currently unrated

Key Information:

Vendor: Fujitsu
Status: Serverview
Vendor: CVE Published:; 5 July 2007

What is CVE-2007-3011?

The DBAsciiAccess CGI Script in Fujitsu-Siemens Computers ServerView, prior to version 4.50.09, is susceptible to a remote command execution flaw. This vulnerability allows adversaries to inject and execute arbitrary shell commands by leveraging shell metacharacters in the Servername subparameter of the ParameterList parameter. Successful exploitation could lead to unauthorized operations on the server, highlighting the importance of input validation and security measures within web interfaces.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35257

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/472800/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2007/2441

vdb-entryx_refsource_VUPEN

EPSS Score

17% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 5, 2007
Vulnerability Reserved
Jun 4, 2007

JSON