Environment
Access Manager 4.3
Access Manager 4.4
Administration Console
CVE-2018-1342
ZDI-CAN-5088
Situation
Vulnerability exists on Admin Console where an attacker can upload files to the Admin Console server (CVE-2018-1342)
Resolution
Fixed in 4.3.3 and 4.4.0 hf1.
Thanks to Ariele Caltabiano (kimiya) and rgod for identifying issue and working with Trend Micro's Zero Day Initiative
Thanks to Ariele Caltabiano (kimiya) and rgod for identifying issue and working with Trend Micro's Zero Day Initiative