Andover Continuum: Code Injection Vulnerability Allows Unauthorized File Access

Andover Continuum: Code Injection Vulnerability Allows Unauthorized File Access

CVE-2020-7480 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data.

Learn more about our Cis Benchmark Audit For Server Software.