A serious vulnerability has been discovered which allows a remote attacker access to an Enterprise Server and allows execution of arbitrary commands. This vulnerability can be exploited by any unauthenticated user.
The remote attacker could access or manipulate any database records, including the ability to create a new login with which to access the Enterprise Server console to perform commands.
It is highly recommended that you upgrade immediately to version 2.5.0 or later. If your Enterprise Server is public facing, then you should immediately disable access and use the Enterprise Server locally until it can be upgraded.
Version 2.5.2 of the Enterprise Server can be downloaded here.
|Issue not present
||2.3.2 (and earlier)
||2.3.3 to 2.4.5 (inclusive)
||2.5.0 (and later)