According to an advisory published by ConnectWise, a critical remote code execution vulnerability, tracked as CVE-2022-36537, could allow an attacker to directly access confidential data. The bug affected ConnectWise recover v2.9.7 and earlier versions along with R1 Soft SBM v6.16.3 and earlier versions. Huntress researchers explained that the authentication bypass and sensitive file leak affect the Java framework “ZK” Ajax web application framework used within the ConnectWise R1Soft software Server Backup Manager SE. The researchers published a video PoC that demonstrated this vulnerability being exploited.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security