Security Updates
- Last Updated: February 5, 2025
- LoadMaster
- LoadMaster GA
Fix for CVE-2024-2448
Command Injection by Authenticated User: A logged-in UI user with any permission settings can inject a carefully crafted shell command into the UI; the command executes in the context of that page and only for that user. This vulnerability has been closed by enhancing the validation performed by the UI. For more information, please see the related Support Knowledge Base article.
Fix for CVE-2024-2449
Cross-Site Request Forgery: This vulnerability requires that a malicious actor with prior knowledge of the IP or hostname of a specific LoadMaster direct a currently logged-in administrative user to a third-party site. Once that occurs, carefully crafted HTTP requests can be made to the UI to execute actions as that admin user on LoadMaster. This vulnerability has been closed by enhancing the validation performed during CSRF checks. For more information, please see the related Support Knowledge Base article.