Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Server & Application Monitor (SAM) > Privilege Vulnerability detected in SAM

Privilege Vulnerability detected in SAM

Table of contents

Updated July 28, 2016

Overview

This article explains why Zero Day Initiative detects a vulnerability in the Orion Alert Manager that allows it to execute scripts or programs. The Vulnerability ID is ZDI-14-428. More information in Zero Day Initiative (© 2016 Zero Day Initiative, available at http://www.zerodayinitiative.com/, obtained on July 27, 2016.)

Environment

All SAM versions

Detail

This is by design and will not be changed. The purpose of the Alerting Service is to run actions configured by the user to run executables, run scripts, restart services, reboot servers, send emails, and so on.  Without the privilege of performing these actions, the Alerting Service cannot attempt to recover items that are currently in a failed state and cannot notify you of these failed states.

 

 

Last modified
22:12, 27 Jul 2016

Tags

Classifications

Public