Security Updates
- Last Updated: April 10, 2025
- LoadMaster
- LoadMaster LTSF
- Documentation
Fix for CVE-2024-6658
Command Injection by Authenticated User: Authenticated, remote attackers who have access to the LoadMaster management interface (and LoadMaster credentials) can issue a carefully crafted HTTP request using the NetConsole API command that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing user input in the request to mitigate the execution of arbitrary system commands. For more information, refer to the related knowledge base article.
Fix for CVE-2024-7591
Command Injection by Unauthenticated User: Unauthenticated, remote attackers who have access to the management interface can issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing user input in the request to mitigate the execution of arbitrary system commands. Note that this fix was previously delivered in an add-on patch; the same fix is now included in this release and will be included in all subsequent releases. For more information, refer to the related knowledge base article.