CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2022-37718
https://notcve.org/view.php?id=CVE-2022-37718
The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an unauthenticated context via unspecified vectors • https://www.cryptnetix.com/blog/2022/09/14/Edge-Nexus-Vulnerability-Disclosure.html https://www.edgenexus.io/products/load-balancer • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37719
https://notcve.org/view.php?id=CVE-2022-37719
A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. Una vulnerabilidad de Cross-site REquest Forgery (CSRF) en el portal de administración de JetNexus/EdgeNexus ADC 4.2.8 permite a los atacantes escalar privilegios y ejecutar código arbitrario a través de vectores no especificados. • https://www.cryptnetix.com/blog/2022/09/14/Edge-Nexus-Vulnerability-Disclosure.html https://www.edgenexus.io/products/load-balancer • CWE-352: Cross-Site Request Forgery (CSRF) •