1. Vulnerability Description

On September 19, 2019, the Weaver e-cology OA system was reported to contain a remote code execution vulnerability. This vulnerability exists in the BeanShell component of the Weaver OA system. This component comes with the system and allows unauthorized access. Attackers could exploit this vulnerability to directly execute arbitrary commands on the target server by calling a vulnerable interface of the BeanShell component. Currently, Weaver has released security patches to fix this vulnerability. Affected users are advised to download and install patches as soon as possible.

(more…)