Security Updates
- Last Updated: June 27, 2025
- LoadMaster
- Multi-Tenant LoadMaster
Fix for CVE-2024-6658
Command Injection by Authenticated User: Authenticated, remote attackers (who have access to the management interface of LoadMaster and LoadMaster credentials) can issue a carefully crafted HTTP request using the NetConsole API command that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing user input in requests to mitigate the execution of arbitrary system commands. Refer to this knowledge base article for more information.
Fix for CVE-2024-7591
Command Injection by Unauthenticated User: Unauthenticated, remote attackers (who have access to the management interface) can issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing user input in requests to mitigate the execution of arbitrary system commands. [Note that this fix was previously delivered in an add-on patch; the same fix has now been included in this release and will be included in all subsequent releases.] Refer to this knowledge base article for more information.