Newsoftoa
Monthly
OS command injection in NewSoft NewSoftOA allows remote unauthenticated attackers to execute arbitrary system commands on the server. CVSS 9.3 (Critical) with network attack vector and no authentication required. The description contains a contradiction - it states 'local attackers' while CVSS vector indicates AV:N (network-accessible). Based on CVSS vector, this is remotely exploitable without authentication. No CISA KEV listing or public exploit code identified at time of analysis, but network accessibility and lack of auth barriers make this a high-priority remediation target for organizations running NewSoftOA.
OS command injection in NewSoft NewSoftOA allows remote unauthenticated attackers to execute arbitrary system commands on the server. CVSS 9.3 (Critical) with network attack vector and no authentication required. The description contains a contradiction - it states 'local attackers' while CVSS vector indicates AV:N (network-accessible). Based on CVSS vector, this is remotely exploitable without authentication. No CISA KEV listing or public exploit code identified at time of analysis, but network accessibility and lack of auth barriers make this a high-priority remediation target for organizations running NewSoftOA.