Researchers at the Cisco’s Talos division have found that Imunify360 is highly vulnerable and can be used by a remote attacker to extract incorrect code from the server using a specially designed file.
The bug, which is tracked as CVE-2021-21956 and defined as a deserialization problem, exists in the Ai-Bolit malware scanner section.
Risk was reported to the seller in early October and highlighted in the same month with the AI-Bolit update released to customers via Imunify360 5.11.3. The seller released the blog post at that time to notify customers of the matter.
Read More: Securityweek
For more such updates follow us on Google News ITsecuritywire News