According to an advisory published by ConnectWise, a critical remote code execution vulnerability, tracked as CVE-2022-36537, could allow an attacker to directly access confidential data. The bug affected ConnectWise Recover v2.9.7 and earlier versions, along with R1Soft SBM v6.16.3 and earlier versions. Huntress researchers explained that the authentication bypass and sensitive file leak affect "ZK", the Java Ajax web application framework used within the ConnectWise R1Soft Server Backup Manager SE software. The researchers published a video PoC demonstrating the vulnerability being exploited.