Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Server & Application Monitor (SAM) > Privilege Vulnerability detected in SAM

Privilege Vulnerability detected in SAM

Table of contents

Updated July 28, 2016

Overview

This article explains why Zero Day Initiative detects a vulnerability in the Orion Alert Manager that allows it to execute scripts or programs. The Vulnerability ID is ZDI-14-428. More information in Zero Day Initiative (© 2016 Zero Day Initiative, available at http://www.zerodayinitiative.com/, obtained on July 27, 2016.)

Environment

All SAM versions

Detail

This is by design and will not be changed. The purpose of the Alerting Service is to run actions configured by the user to run executables, run scripts, restart services, reboot servers, send emails, and so on.  Without the privilege of performing these actions, the Alerting Service cannot attempt to recover items that are currently in a failed state and cannot notify you of these failed states.

 

 

Last modified
22:12, 27 Jul 2016

Tags

Classifications

Public