An issue exists in Bloomreach Experience Manager (brXM) 4.1.0 up to and including 14.2.2. It allows remote attackers to execute arbitrary code because the capability for administrators to write and run Groovy scripts within the updater editor is mishandled. An attacker must use an AST-transforming annotation such as @Grab.
Vulnerable Product |
---|
bloomreach experience manager |