A remote attacker may exploit the vulnerability by sending a specially crafted request to the AOD server. Successful exploitation will allow the attacker to cause memory corruption and execute arbitrary code. In case the AOD server is running in an inactive state, an attacker may send a specially crafted request to the AOD server.

Vulnerability Scenario

The AOD server is running on a computer that has a vulnerable version of Berkeley DB. An attacker may exploit the vulnerability by sending a specially crafted request to the AOD server. This request may result in memory corruption and arbitrary code execution.
Knowledge of the vulnerability is limited, for example to an authorized user of the AOD server who has access to certain privileges that are not granted to any user of the AOD server. The vulnerability would not be discovered without specialized software, because detection typically requires specialized tools or techniques with which an attacker is unlikely to be familiar.

AOD: Authentication and Authorization of Devices

Authentication and authorization of devices (AOD) is a service that allows an administrator to manage the authentication and authorization policies for mobile devices.
The AOD service includes Web Services for Device Authentication, which provides support for device synchronization and application access.
The AOD service also includes Web Services for Application Access, which provides support for applications that have been integrated with the client's enterprise identity infrastructure.
The AOD service also supports two-factor authentication (2FA) through a variety of methods.

Affected Pivotal Products and Versions

Pivotal products are not affected by this vulnerability. Therefore, Pivotal is not patching any affected products in this advisory.
Vulnerable versions of the software have been identified as follows:

- WebSphere AOC 4.0 MR3 (build 4)
- WebSphere AOS 6.0 MR4 (build 1)

Vulnerable Packages

- squid3-av (4.4.1)
- squid3-bin (4.4.1)
- squid3-cgi (4.4.1)
- squid3-dev (4.4.1)
- squid3 (4.4.1)

Timeline

Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 18:58:00 UTC

References