Fix for CVE-2024-6658

It is possible for authenticated, remote attackers (who have access to the ECS Connection Manager (ECS CM) management interface and ECS CM credentials) to issue a carefully crafted HTTP request, using the NetConsole API command, that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing user input in the request to mitigate the execution of arbitrary system commands. Refer to this knowledge base article for more information.

Fix for CVE-2024-7591

It is possible for unauthenticated, remote attackers (who have access to the ECS CM management interface) to issue a carefully crafted HTTP request that allows arbitrary system commands to be executed. This vulnerability has been closed by sanitizing user input in the request to mitigate the execution of arbitrary system commands. [Note that this fix was previously delivered in an add-on patch; the same fix has now been included in this release and will be included in all subsequent releases.] Refer to this knowledge base article for more information.