IBM Network Security Protection XGS Remote Code Execution (swg21690823) (credentialed check)
High Nessus Plugin ID 80335
SynopsisThe remote appliance has an application that is affected by a code execution vulnerability.
DescriptionThe firmware version installed on the remote IBM XGS appliance does not properly sanitize certain user-supplied inputs which can allow a remote, authenticated attacker to execute shell commands with the privileges of the 'www-data' user via a standard HTTP request.
SolutionApply the relevant patch referenced in the vendor's advisory.