Lsws Enterprise
Monthly
OS command injection in OpenLiteSpeed and LSWS Enterprise web servers from LiteSpeed Technologies allows administrative users to execute arbitrary operating system commands on the host. The flaw affects all versions of both products per ENISA EUVD and was reported by JPCERT/CC via JVN. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.16%, 37th percentile), but the high CVSS 4.0 score (8.6) reflects full confidentiality, integrity, and availability impact on the underlying host.
OS command injection in OpenLiteSpeed and LSWS Enterprise web servers from LiteSpeed Technologies allows administrative users to execute arbitrary operating system commands on the host. The flaw affects all versions of both products per ENISA EUVD and was reported by JPCERT/CC via JVN. No public exploit identified at time of analysis and EPSS exploitation probability is low (0.16%, 37th percentile), but the high CVSS 4.0 score (8.6) reflects full confidentiality, integrity, and availability impact on the underlying host.