CVE-2022-37425
9.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
Workarounds
Do not allow regular users to use the FILES directive inside their VM templates, instead set up a context files datastore, and allow users to upload and reference their files from that datastore, using the FILES_DS directive.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.