Allround Automations PL/SQL Developer < 220.127.116.116 HTTP Insecure Update RCE
Medium Nessus Plugin ID 90797
Synopsis
The application installed on the remote host is affected by a remote code execution vulnerability.

Description
The version of Allround Automations PL/SQL Developer installed on the remote host is prior to 18.104.22.1686. It is, therefore, affected by a remote code execution vulnerability due to a failure to properly verify the origin or authenticity of update data sent via HTTP. A man-in-the-middle attacker can exploit this to modify the client-server data stream to change the update, allowing the execution of arbitrary code.

Solution
Upgrade to PL/SQL Developer version 22.214.171.1246 or later.