RULE(RULE ID:330913)

Rule General Information
Release Date: 2020-08-25
Rule Name: Weaver OA Management System Remote Code Execution Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Fanwei provides mobile office, WeChat office, collaborative office (OA), process management, information portal, knowledge management, cost control management and other functions. It is suitable for mobile phones and PC terminals and is one of the more mainstream OA systems today. There are remote code execution vulnerabilities in Fanwei e-cology 7.0, 8.0, and 8.1. Attackers can attack vulnerable Pan-Micro OA users through carefully constructed request packets to execute arbitrary code, and then obtain system Shell.
Impact: An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.
Affected OS: Windows, Others
Reference:
Solutions
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.