Gemalto (Thales Group) DS3 Authentication Server and Ezio Server versions prior to 310 suffer from semi-blind OS command injection, local file disclosure, and broken access controls that, when combined, allow a low-privileged application user to upload a JSP web shell with the access rights of the lower-privileged Linux system user "asadmin" ...