CVE-2019-12491
19.06.2019, 16:15
OnApp before 5.0.0-88, 5.5.0-93, and 6.0.0-196 allows an attacker to run arbitrary commands with root privileges on servers managed by OnApp for XEN/KVM hypervisors. To exploit the vulnerability, an attacker has to have control of a single server on a given cloud (e.g. by renting one). From the source server, the attacker can craft any command and trigger the OnApp platform to execute that command with root privileges on a target server.
| Vendor | Product | Version |
|---|---|---|
| onapp | onapp | 5.0.0 |
| onapp | onapp | 5.0.0:update_79 |
| onapp | onapp | 5.0.0:update_82 |
| onapp | onapp | 5.0.0:update_83 |
| onapp | onapp | 5.0.0:update_87 |
| onapp | onapp | 5.1.0 |
| onapp | onapp | 5.1.0:update_16 |
| onapp | onapp | 5.2.0 |
| onapp | onapp | 5.3.0 |
| onapp | onapp | 5.3.0:update_41 |
| onapp | onapp | 5.4.0 |
| onapp | onapp | 5.4.0:update_66 |
| onapp | onapp | 5.4.0:update_70 |
| onapp | onapp | 5.4.0:update_72 |
| onapp | onapp | 5.4.0:update_76 |
| onapp | onapp | 5.4.0:update_82 |
| onapp | onapp | 5.4.0:update_84 |
| onapp | onapp | 5.5.0 |
| onapp | onapp | 5.5.0:update_50 |
| onapp | onapp | 5.5.0:update_59 |
| onapp | onapp | 5.5.0:update_65 |
| onapp | onapp | 5.5.0:update_75 |
| onapp | onapp | 5.5.0:update_80 |
| onapp | onapp | 5.5.0:update_83 |
| onapp | onapp | 5.5.0:update_87 |
| onapp | onapp | 5.5.0:update_90 |
| onapp | onapp | 5.5.0:update_92 |
| onapp | onapp | 5.6.0 |
| onapp | onapp | 5.6.0:update_83 |
| onapp | onapp | 5.7.0 |
| onapp | onapp | 5.8.0 |
| onapp | onapp | 5.9.0 |
| onapp | onapp | 5.10.0 |
| onapp | onapp | 6.0:update_122 |
| onapp | onapp | 6.0:update_152 |
| onapp | onapp | 6.0:update_159 |
| onapp | onapp | 6.0:update_62 |
| onapp | onapp | 6.0:update_80 |
| onapp | onapp | 6.0:update_98 |
| onapp | onapp | 6.0.0 |
The table above lists the vulnerable software versions.